📂 Vulnerable Library - express-4.21.2.tgz
Fast, unopinionated, minimalist web framework
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/express/package.json
Findings
| Finding |
Severity |
🎯 CVSS |
Exploit Maturity |
EPSS |
Library |
Type |
Fixed in |
Remediation Available |
Reachability |
| CVE-154062-641864 |
🟣 Critical |
9.8 |
N/A |
N/A |
ee-first-1.1.1.tgz |
Transitive |
N/A |
❌ |
|
| CVE-289561-266276 |
🟣 Critical |
9.8 |
N/A |
N/A |
inherits-2.0.4.tgz |
Transitive |
N/A |
❌ |
|
| CVE-398484-724968 |
🟣 Critical |
9.8 |
N/A |
N/A |
ms-2.1.3.tgz |
Transitive |
N/A |
❌ |
|
| CVE-616547-419802 |
🟣 Critical |
9.8 |
N/A |
N/A |
parseurl-1.3.3.tgz |
Transitive |
N/A |
❌ |
|
Details
🟣CVE-154062-641864
Vulnerable Library - ee-first-1.1.1.tgz
return the first event in a set of ee/event pairs
Library home page: https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/ee-first/package.json
Dependency Hierarchy:
Vulnerability Details
Created automatically by the test suite
Publish Date: Jun 07, 2010 05:12 PM
URL: CVE-154062-641864
Threat Assessment
Exploit Maturity:N/A
EPSS:N/A
Score: 9.8
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution :
🟣CVE-289561-266276
Vulnerable Library - inherits-2.0.4.tgz
Browser-friendly inheritance fully compatible with standard node.js inherits()
Library home page: https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/inherits/package.json
Dependency Hierarchy:
-
csurf-1.11.0.tgz (Root Library)
- http-errors-1.7.3.tgz
- ❌ inherits-2.0.4.tgz (Vulnerable Library)
-
libxmljs-0.19.10.tgz (Root Library)
- node-pre-gyp-1.0.11.tgz
- npmlog-5.0.1.tgz
- are-we-there-yet-2.0.0.tgz
- readable-stream-3.6.2.tgz
- ❌ inherits-2.0.4.tgz (Vulnerable Library)
-
bcrypt-1.0.3.tgz (Root Library)
- node-pre-gyp-0.6.36.tgz
- tar-pack-3.4.1.tgz
- readable-stream-2.3.8.tgz
- ❌ inherits-2.0.4.tgz (Vulnerable Library)
-
express-fileupload-0.4.0.tgz (Root Library)
- busboy-0.2.14.tgz
- readable-stream-1.1.14.tgz
- ❌ inherits-2.0.4.tgz (Vulnerable Library)
-
express-4.21.2.tgz (Root Library)
- send-0.19.0.tgz
- http-errors-2.0.0.tgz
- ❌ inherits-2.0.4.tgz (Vulnerable Library)
-
winston-3.18.3.tgz (Root Library)
- winston-transport-4.9.0.tgz
- readable-stream-3.6.2.tgz
- ❌ inherits-2.0.4.tgz (Vulnerable Library)
Vulnerability Details
Created automatically by the test suite
Publish Date: Jun 07, 2010 05:12 PM
URL: CVE-289561-266276
Threat Assessment
Exploit Maturity:N/A
EPSS:N/A
Score: 9.8
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution :
🟣CVE-398484-724968
Vulnerable Library - ms-2.1.3.tgz
Tiny millisecond conversion utility
Library home page: https://registry.npmjs.org/ms/-/ms-2.1.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/send/node_modules/ms/package.json
Dependency Hierarchy:
-
libxmljs-0.19.10.tgz (Root Library)
- node-pre-gyp-1.0.11.tgz
- https-proxy-agent-5.0.1.tgz
- debug-4.4.3.tgz
- ❌ ms-2.1.3.tgz (Vulnerable Library)
-
sequelize-4.44.4.tgz (Root Library)
- debug-3.2.7.tgz
- ❌ ms-2.1.3.tgz (Vulnerable Library)
-
express-4.21.2.tgz (Root Library)
- send-0.19.0.tgz
- ❌ ms-2.1.3.tgz (Vulnerable Library)
-
winston-3.18.3.tgz (Root Library)
- logform-2.7.0.tgz
- ❌ ms-2.1.3.tgz (Vulnerable Library)
Vulnerability Details
Created automatically by the test suite
Publish Date: Jun 07, 2010 05:12 PM
URL: CVE-398484-724968
Threat Assessment
Exploit Maturity:N/A
EPSS:N/A
Score: 9.8
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution :
🟣CVE-616547-419802
Vulnerable Library - parseurl-1.3.3.tgz
parse a url with memoization
Library home page: https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/parseurl/package.json
Dependency Hierarchy:
Vulnerability Details
Created automatically by the test suite
Publish Date: Jun 07, 2010 05:12 PM
URL: CVE-616547-419802
Threat Assessment
Exploit Maturity:N/A
EPSS:N/A
Score: 9.8
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution :
📂 Vulnerable Library - express-4.21.2.tgz
Fast, unopinionated, minimalist web framework
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/express/package.json
Findings
Details
🟣CVE-154062-641864
Vulnerable Library - ee-first-1.1.1.tgz
return the first event in a set of ee/event pairs
Library home page: https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/ee-first/package.json
Dependency Hierarchy:
morgan-1.10.1.tgz (Root Library)
express-4.21.2.tgz (Root Library)
Vulnerability Details
Created automatically by the test suite
Publish Date: Jun 07, 2010 05:12 PM
URL: CVE-154062-641864
Threat Assessment
Exploit Maturity:N/A
EPSS:N/A
Score: 9.8
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution :
🟣CVE-289561-266276
Vulnerable Library - inherits-2.0.4.tgz
Browser-friendly inheritance fully compatible with standard node.js inherits()
Library home page: https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/inherits/package.json
Dependency Hierarchy:
csurf-1.11.0.tgz (Root Library)
libxmljs-0.19.10.tgz (Root Library)
bcrypt-1.0.3.tgz (Root Library)
express-fileupload-0.4.0.tgz (Root Library)
express-4.21.2.tgz (Root Library)
winston-3.18.3.tgz (Root Library)
Vulnerability Details
Created automatically by the test suite
Publish Date: Jun 07, 2010 05:12 PM
URL: CVE-289561-266276
Threat Assessment
Exploit Maturity:N/A
EPSS:N/A
Score: 9.8
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution :
🟣CVE-398484-724968
Vulnerable Library - ms-2.1.3.tgz
Tiny millisecond conversion utility
Library home page: https://registry.npmjs.org/ms/-/ms-2.1.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/send/node_modules/ms/package.json
Dependency Hierarchy:
libxmljs-0.19.10.tgz (Root Library)
sequelize-4.44.4.tgz (Root Library)
express-4.21.2.tgz (Root Library)
winston-3.18.3.tgz (Root Library)
Vulnerability Details
Created automatically by the test suite
Publish Date: Jun 07, 2010 05:12 PM
URL: CVE-398484-724968
Threat Assessment
Exploit Maturity:N/A
EPSS:N/A
Score: 9.8
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution :
🟣CVE-616547-419802
Vulnerable Library - parseurl-1.3.3.tgz
parse a url with memoization
Library home page: https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/parseurl/package.json
Dependency Hierarchy:
express-session-1.18.2.tgz (Root Library)
express-4.21.2.tgz (Root Library)
Vulnerability Details
Created automatically by the test suite
Publish Date: Jun 07, 2010 05:12 PM
URL: CVE-616547-419802
Threat Assessment
Exploit Maturity:N/A
EPSS:N/A
Score: 9.8
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution :