📂 Vulnerable Library - dagre-0.8.5.tgz
Graph layout for JavaScript
Path to dependency file: /flink-runtime-web/web-dashboard/package.json
Path to vulnerable library: /flink-runtime-web/web-dashboard/node_modules/dagre/package.json
Findings
| Finding |
Severity |
🎯 CVSS |
Exploit Maturity |
EPSS |
Library |
Type |
Fixed in |
Remediation Available |
Reachability |
| CVE-121740-819191 |
🟣 Critical |
9.8 |
N/A |
N/A |
lodash-4.17.21.tgz |
Transitive |
N/A |
❌ |
 Reachable |
Details
🟣CVE-121740-819191
Vulnerable Library - lodash-4.17.21.tgz
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz
Path to dependency file: /flink-runtime-web/web-dashboard/package.json
Path to vulnerable library: /flink-runtime-web/web-dashboard/node_modules/lodash/package.json
Dependency Hierarchy:
- dagre-0.8.5.tgz (Root Library)
- graphlib-2.1.8.tgz
- ❌ lodash-4.17.21.tgz (Vulnerable Library)
Reachability Analysis
This vulnerability is potentially reachable:
- flink-dashboard-2.0.0/src/app/components/dagre/graph.ts (Application)
- dagre-0.8.5/index.js (Extension)
- dagre-0.8.5/lib/graphlib.js (Extension)
- graphlib-2.1.8/index.js (Extension)
- graphlib-2.1.8/lib/json.js (Extension)
- graphlib-2.1.8/lib/lodash.js (Extension)
- lodash-4.17.21/size.js (Extension)
- lodash-4.17.21/_getTag.js (Extension)
- lodash-4.17.21/_WeakMap.js (Extension)
- lodash-4.17.21/_getNative.js (Extension)
- lodash-4.17.21/_baseIsNative.js (Extension)
-> ❌ lodash-4.17.21/_isMasked.js (Vulnerable Component)
Vulnerability Details
Created automatically by the test suite
Publish Date: Jun 07, 2010 05:12 PM
URL: CVE-121740-819191
Threat Assessment
Exploit Maturity:N/A
EPSS:N/A
Score: 9.8
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution :
📂 Vulnerable Library - dagre-0.8.5.tgz
Graph layout for JavaScript
Path to dependency file: /flink-runtime-web/web-dashboard/package.json
Path to vulnerable library: /flink-runtime-web/web-dashboard/node_modules/dagre/package.json
Findings
Details
🟣CVE-121740-819191
Vulnerable Library - lodash-4.17.21.tgz
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz
Path to dependency file: /flink-runtime-web/web-dashboard/package.json
Path to vulnerable library: /flink-runtime-web/web-dashboard/node_modules/lodash/package.json
Dependency Hierarchy:
Reachability Analysis
This vulnerability is potentially reachable:
Vulnerability Details
Created automatically by the test suite
Publish Date: Jun 07, 2010 05:12 PM
URL: CVE-121740-819191
Threat Assessment
Exploit Maturity:N/A
EPSS:N/A
Score: 9.8
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution :