csurf-1.11.0.tgz: 1 vulnerabilities (highest severity is: 9.8) [master]

[mend-developer-platform-dev]

📂 Vulnerable Library - csurf-1.11.0.tgz

CSRF token middleware

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/csurf/package.json

Findings

Finding	Severity	🎯 CVSS	Exploit Maturity	EPSS	Library	Type	Fixed in	Remediation Available	Reachability
CVE-289561-266276	🟣 Critical	9.8	N/A	N/A	inherits-2.0.4.tgz	Transitive	N/A	❌

Details

🟣CVE-289561-266276

Vulnerable Library - inherits-2.0.4.tgz

Browser-friendly inheritance fully compatible with standard node.js inherits()

Library home page: https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/inherits/package.json

Dependency Hierarchy:

• csurf-1.11.0.tgz (Root Library)

  • http-errors-1.7.3.tgz
    • ❌ inherits-2.0.4.tgz (Vulnerable Library)

• libxmljs-0.19.10.tgz (Root Library)

  • node-pre-gyp-1.0.11.tgz
    • npmlog-5.0.1.tgz
      • are-we-there-yet-2.0.0.tgz
        • readable-stream-3.6.2.tgz
          • ❌ inherits-2.0.4.tgz (Vulnerable Library)

• bcrypt-1.0.3.tgz (Root Library)

  • node-pre-gyp-0.6.36.tgz
    • tar-pack-3.4.1.tgz
      • readable-stream-2.3.8.tgz
        • ❌ inherits-2.0.4.tgz (Vulnerable Library)

• express-fileupload-0.4.0.tgz (Root Library)

  • busboy-0.2.14.tgz
    • readable-stream-1.1.14.tgz
      • ❌ inherits-2.0.4.tgz (Vulnerable Library)

• express-4.21.2.tgz (Root Library)

  • send-0.19.0.tgz
    • http-errors-2.0.0.tgz
      • ❌ inherits-2.0.4.tgz (Vulnerable Library)

• winston-3.18.3.tgz (Root Library)

  • winston-transport-4.9.0.tgz
    • readable-stream-3.6.2.tgz
      • ❌ inherits-2.0.4.tgz (Vulnerable Library)

---

Vulnerability Details

Created automatically by the test suite

Publish Date: Jun 07, 2010 05:12 PM

URL: CVE-289561-266276

Threat Assessment

Exploit Maturity:N/A

EPSS:N/A

Score: 9.8

---

Suggested Fix

Type: Upgrade version

Origin:

Release Date:

Fix Resolution :