📂 Vulnerable Library - mochawesome-4.1.0.tgz
A gorgeous reporter for Mocha.js
Path to dependency file: /tests/e2e/package.json
Findings
| Finding |
Severity |
🎯 CVSS |
Exploit Maturity |
EPSS |
Library |
Type |
Fixed in |
Remediation Available |
Reachability |
| CVE-2021-3765 |
🟠 Medium |
6.9 |
Not Defined |
< 1% |
validator-10.11.0.tgz |
Transitive |
N/A |
❌ |
|
Details
🟠CVE-2021-3765
Vulnerable Library - validator-10.11.0.tgz
String validation and sanitization
Library home page: https://registry.npmjs.org/validator/-/validator-10.11.0.tgz
Path to dependency file: /tests/e2e/package.json
Dependency Hierarchy:
- mochawesome-4.1.0.tgz (Root Library)
- mochawesome-report-generator-4.1.0.tgz
- ❌ validator-10.11.0.tgz (Vulnerable Library)
Vulnerability Details
validator.js is vulnerable to Inefficient Regular Expression Complexity
Publish Date: Nov 02, 2021 07:05 AM
URL: CVE-2021-3765
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 6.9
Suggested Fix
Type: Upgrade version
Origin: GHSA-qgmg-gppg-76g5
Release Date: Nov 02, 2021 07:05 AM
Fix Resolution : validator - 13.7.0
📂 Vulnerable Library - mochawesome-4.1.0.tgz
A gorgeous reporter for Mocha.js
Path to dependency file: /tests/e2e/package.json
Findings
Details
🟠CVE-2021-3765
Vulnerable Library - validator-10.11.0.tgz
String validation and sanitization
Library home page: https://registry.npmjs.org/validator/-/validator-10.11.0.tgz
Path to dependency file: /tests/e2e/package.json
Dependency Hierarchy:
Vulnerability Details
validator.js is vulnerable to Inefficient Regular Expression Complexity
Publish Date: Nov 02, 2021 07:05 AM
URL: CVE-2021-3765
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 6.9
Suggested Fix
Type: Upgrade version
Origin: GHSA-qgmg-gppg-76g5
Release Date: Nov 02, 2021 07:05 AM
Fix Resolution : validator - 13.7.0