compat-3.3.4.tgz: 1 vulnerabilities (highest severity is: 2.9) [trunk]

[mend-developer-platform-dev]

📂 Vulnerable Library - compat-3.3.4.tgz

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Findings

Finding	Severity	🎯 CVSS	Exploit Maturity	EPSS	Library	Type	Fixed in	Remediation Available	Reachability
CVE-2024-9506	🟡 Low	2.9	Not Defined	< 1%	vue-2.7.14.tgz	Direct	vue - 3.0.0-alpha.0,vue - 3.0.0	✅

Details

🟡CVE-2024-9506

Vulnerable Library - vue-2.7.14.tgz

Reactive, component-oriented view layer for modern web interfaces.

Library home page: https://registry.npmjs.org/vue/-/vue-2.7.14.tgz

Path to dependency file: /tests/e2e/cypress/fixtures/TestPlugin/src/Resources/app/administration/package.json

Dependency Hierarchy:

• ❌ vue-2.7.14.tgz (Vulnerable Library)

• vue-router-4.2.2.tgz (Root Library)

  • ❌ vue-2.7.14.tgz (Vulnerable Library)

• vuex-4.1.0.tgz (Root Library)

  • ❌ vue-2.7.14.tgz (Vulnerable Library)

• vuex-3.6.2.tgz (Root Library)

  • ❌ vue-2.7.14.tgz (Vulnerable Library)

• test-utils-2.3.2.tgz (Root Library)

  • server-renderer-3.3.4.tgz
    • ❌ vue-2.7.14.tgz (Vulnerable Library)

• test-utils-1.3.6.tgz (Root Library)

  • ❌ vue-2.7.14.tgz (Vulnerable Library)

• compat-3.3.4.tgz (Root Library)

  • ❌ vue-2.7.14.tgz (Vulnerable Library)

• vue-3.3.4.tgz (Root Library)

  • server-renderer-3.3.4.tgz
    • ❌ vue-2.7.14.tgz (Vulnerable Library)

• vue-i18n-9.2.2.tgz (Root Library)

  • ❌ vue-2.7.14.tgz (Vulnerable Library)

---

Vulnerability Details

Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.

Publish Date: Oct 15, 2024 03:40 PM

URL: CVE-2024-9506

Threat Assessment

Exploit Maturity:Not Defined

EPSS:< 1%

Score: 2.9

---

Suggested Fix

Type: Upgrade version

Origin: GHSA-5j4c-8p2g-v4jx

Release Date: Oct 15, 2024 03:40 PM

Fix Resolution : vue - 3.0.0-alpha.0,vue - 3.0.0