📂 Vulnerable Library - babel-jest-29.5.0.tgz
Jest plugin to use babel for transformation.
Path to dependency file: /src/Administration/Resources/app/administration/package.json
Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2022-3517 | 🔴 High | 8.7 | Not Defined | < 1% | minimatch-3.0.4.tgz | Transitive | N/A | ❌ | |
Details
🔴 CVE-2022-3517
Vulnerable Library - minimatch-3.0.4.tgz
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz
Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json
Dependency Hierarchy:
- babel-jest-29.5.0.tgz (Root Library)
  - babel-plugin-istanbul-6.1.1.tgz
    - test-exclude-6.0.0.tgz
      - ❌ minimatch-3.0.4.tgz (Vulnerable Library)
- optional-chaining-codemod-1.7.0.tgz (Root Library)
  - jscodeshift-0.13.1.tgz
    - node-dir-0.1.17.tgz
      - ❌ minimatch-3.0.4.tgz (Vulnerable Library)
- glob-7.1.4.tgz (Root Library)
  - ❌ minimatch-3.0.4.tgz (Vulnerable Library)
- mocha-7.2.0.tgz (Root Library)
  - ❌ minimatch-3.0.4.tgz (Vulnerable Library)
- twig-1.15.4.tgz (Root Library)
  - ❌ minimatch-3.0.4.tgz (Vulnerable Library)
- twig-1.13.3.tgz (Root Library)
  - ❌ minimatch-3.0.4.tgz (Vulnerable Library)
- nuxt-2.10.2.tgz (Root Library)
  - webpack-2.10.2.tgz
    - style-resources-loader-1.3.2.tgz
      - glob-7.1.6.tgz
        - ❌ minimatch-3.0.4.tgz (Vulnerable Library)
- webpack-plugin-injector-1.0.6.tgz (Root Library)
  - copy-webpack-plugin-5.1.2.tgz
    - ❌ minimatch-3.0.4.tgz (Vulnerable Library)
- fork-ts-checker-webpack-plugin-6.5.3.tgz (Root Library)
  - ❌ minimatch-3.0.4.tgz (Vulnerable Library)
Vulnerability Details
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
Publish Date: Oct 17, 2022 12:00 AM
URL: CVE-2022-3517
Threat Assessment
Exploit Maturity: Not Defined
EPSS: < 1%
Score: 8.7
Suggested Fix
Type: Upgrade version
Origin: GHSA-f8q6-p94x-37v3
Release Date: Oct 17, 2022 12:00 AM
Fix Resolution: minimatch - 3.0.5