📂 Vulnerable Library - coffeelint-1.15.7.tgz
Lint your CoffeeScript
Path to dependency file: /script/package.json
Findings
| Finding |
Severity |
🎯 CVSS |
Exploit Maturity |
EPSS |
Library |
Type |
Fixed in |
Remediation Available |
Reachability |
| CVE-2021-44906 |
🟣 Critical |
9.3 |
Not Defined |
< 1% |
minimist-0.0.10.tgz |
Transitive |
N/A |
❌ |
|
| CVE-2016-10540 |
🔴 High |
8.7 |
Not Defined |
< 1% |
minimatch-2.0.10.tgz |
Transitive |
N/A |
❌ |
|
| CVE-2022-3517 |
🔴 High |
8.7 |
Not Defined |
< 1% |
minimatch-2.0.10.tgz |
Transitive |
N/A |
❌ |
|
| CVE-2020-7598 |
🟠 Medium |
6.3 |
Not Defined |
< 1% |
minimist-0.0.10.tgz |
Transitive |
N/A |
❌ |
|
Details
🟣CVE-2021-44906
Vulnerable Library - minimist-0.0.10.tgz
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz
Path to dependency file: /script/package.json
Dependency Hierarchy:
- coffeelint-1.15.7.tgz (Root Library)
- optimist-0.6.1.tgz
- ❌ minimist-0.0.10.tgz (Vulnerable Library)
Vulnerability Details
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Publish Date: Mar 17, 2022 01:05 PM
URL: CVE-2021-44906
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 9.3
Suggested Fix
Type: Upgrade version
Origin: GHSA-xvch-5gv4-984h
Release Date: Mar 17, 2022 01:05 PM
Fix Resolution : minimist - 0.2.4,minimist - 1.2.6
🔴CVE-2016-10540
Vulnerable Library - minimatch-2.0.10.tgz
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-2.0.10.tgz
Path to dependency file: /package.json
Dependency Hierarchy:
-
scandal-3.2.0.tgz (Root Library)
- ❌ minimatch-2.0.10.tgz (Vulnerable Library)
-
settings-view-https://www.atom.io/api/packages/settings-view/versions/0.261.3/tarball.tgz (Root Library)
- glob-4.3.1.tgz
- ❌ minimatch-2.0.10.tgz (Vulnerable Library)
-
babel-core-5.8.38.tgz (Root Library)
- ❌ minimatch-2.0.10.tgz (Vulnerable Library)
-
coffeelint-1.15.7.tgz (Root Library)
- glob-4.5.3.tgz
- ❌ minimatch-2.0.10.tgz (Vulnerable Library)
-
legal-eagle-0.14.0.tgz (Root Library)
- read-installed-3.1.3.tgz
- read-package-json-1.3.3.tgz
- glob-5.0.15.tgz
- ❌ minimatch-2.0.10.tgz (Vulnerable Library)
-
glob-7.0.3.tgz (Root Library)
- ❌ minimatch-2.0.10.tgz (Vulnerable Library)
Vulnerability Details
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript "RegExp" objects. The primary function, "minimatch(path, pattern)" in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the "pattern" parameter.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: May 31, 2018 08:00 PM
URL: CVE-2016-10540
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 8.7
Suggested Fix
Type: Upgrade version
Origin: GHSA-hxm2-r34f-qmc5
Release Date: May 31, 2018 08:00 PM
Fix Resolution : minimatch - 3.0.2
🔴CVE-2022-3517
Vulnerable Library - minimatch-2.0.10.tgz
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-2.0.10.tgz
Path to dependency file: /package.json
Dependency Hierarchy:
-
scandal-3.2.0.tgz (Root Library)
- ❌ minimatch-2.0.10.tgz (Vulnerable Library)
-
settings-view-https://www.atom.io/api/packages/settings-view/versions/0.261.3/tarball.tgz (Root Library)
- glob-4.3.1.tgz
- ❌ minimatch-2.0.10.tgz (Vulnerable Library)
-
babel-core-5.8.38.tgz (Root Library)
- ❌ minimatch-2.0.10.tgz (Vulnerable Library)
-
coffeelint-1.15.7.tgz (Root Library)
- glob-4.5.3.tgz
- ❌ minimatch-2.0.10.tgz (Vulnerable Library)
-
legal-eagle-0.14.0.tgz (Root Library)
- read-installed-3.1.3.tgz
- read-package-json-1.3.3.tgz
- glob-5.0.15.tgz
- ❌ minimatch-2.0.10.tgz (Vulnerable Library)
-
glob-7.0.3.tgz (Root Library)
- ❌ minimatch-2.0.10.tgz (Vulnerable Library)
Vulnerability Details
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
Publish Date: Oct 17, 2022 12:00 AM
URL: CVE-2022-3517
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 8.7
Suggested Fix
Type: Upgrade version
Origin: GHSA-f8q6-p94x-37v3
Release Date: Oct 17, 2022 12:00 AM
Fix Resolution : minimatch - 3.0.5
🟠CVE-2020-7598
Vulnerable Library - minimist-0.0.10.tgz
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz
Path to dependency file: /script/package.json
Dependency Hierarchy:
- coffeelint-1.15.7.tgz (Root Library)
- optimist-0.6.1.tgz
- ❌ minimist-0.0.10.tgz (Vulnerable Library)
Vulnerability Details
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: Mar 11, 2020 09:40 PM
URL: CVE-2020-7598
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 6.3
Suggested Fix
Type: Upgrade version
Origin: GHSA-vh95-rmgr-6w4m
Release Date: Mar 11, 2020 09:40 PM
Fix Resolution : minimist - 1.2.3,minimist - 0.2.1
📂 Vulnerable Library - coffeelint-1.15.7.tgz
Lint your CoffeeScript
Path to dependency file: /script/package.json
Findings
Details
🟣CVE-2021-44906
Vulnerable Library - minimist-0.0.10.tgz
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz
Path to dependency file: /script/package.json
Dependency Hierarchy:
Vulnerability Details
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Publish Date: Mar 17, 2022 01:05 PM
URL: CVE-2021-44906
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 9.3
Suggested Fix
Type: Upgrade version
Origin: GHSA-xvch-5gv4-984h
Release Date: Mar 17, 2022 01:05 PM
Fix Resolution : minimist - 0.2.4,minimist - 1.2.6
🔴CVE-2016-10540
Vulnerable Library - minimatch-2.0.10.tgz
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-2.0.10.tgz
Path to dependency file: /package.json
Dependency Hierarchy:
scandal-3.2.0.tgz (Root Library)
settings-view-https://www.atom.io/api/packages/settings-view/versions/0.261.3/tarball.tgz (Root Library)
babel-core-5.8.38.tgz (Root Library)
coffeelint-1.15.7.tgz (Root Library)
legal-eagle-0.14.0.tgz (Root Library)
glob-7.0.3.tgz (Root Library)
Vulnerability Details
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript "RegExp" objects. The primary function, "minimatch(path, pattern)" in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the "pattern" parameter.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: May 31, 2018 08:00 PM
URL: CVE-2016-10540
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 8.7
Suggested Fix
Type: Upgrade version
Origin: GHSA-hxm2-r34f-qmc5
Release Date: May 31, 2018 08:00 PM
Fix Resolution : minimatch - 3.0.2
🔴CVE-2022-3517
Vulnerable Library - minimatch-2.0.10.tgz
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-2.0.10.tgz
Path to dependency file: /package.json
Dependency Hierarchy:
scandal-3.2.0.tgz (Root Library)
settings-view-https://www.atom.io/api/packages/settings-view/versions/0.261.3/tarball.tgz (Root Library)
babel-core-5.8.38.tgz (Root Library)
coffeelint-1.15.7.tgz (Root Library)
legal-eagle-0.14.0.tgz (Root Library)
glob-7.0.3.tgz (Root Library)
Vulnerability Details
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
Publish Date: Oct 17, 2022 12:00 AM
URL: CVE-2022-3517
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 8.7
Suggested Fix
Type: Upgrade version
Origin: GHSA-f8q6-p94x-37v3
Release Date: Oct 17, 2022 12:00 AM
Fix Resolution : minimatch - 3.0.5
🟠CVE-2020-7598
Vulnerable Library - minimist-0.0.10.tgz
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz
Path to dependency file: /script/package.json
Dependency Hierarchy:
Vulnerability Details
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: Mar 11, 2020 09:40 PM
URL: CVE-2020-7598
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 6.3
Suggested Fix
Type: Upgrade version
Origin: GHSA-vh95-rmgr-6w4m
Release Date: Mar 11, 2020 09:40 PM
Fix Resolution : minimist - 1.2.3,minimist - 0.2.1