📂 Vulnerable Library - mkdirp-0.5.5.tgz
Recursively mkdir, like mkdir -p
Path to dependency file: /package.json
Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2021-44906 | 🟣 Critical | 9.3 | Not Defined | < 1% | minimist-1.2.5.tgz | Transitive | N/A | ❌ | Reachable |
| CVE-2020-7598 | 🟠 Medium | 6.3 | Not Defined | < 1% | minimist-1.2.5.tgz | Transitive | N/A | ❌ | |
Details
🟣CVE-2021-44906
Vulnerable Library - minimist-1.2.5.tgz
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz
Path to dependency file: /package.json
Dependency Hierarchy:
- mkdirp-0.5.5.tgz (Root Library)
- snyk-1.434.3.tgz (Root Library)
Reachability Analysis
This vulnerability is potentially reachable:
- verdaccio-2.3.1/package.json (Application)
- snyk-1.434.3/dist/cli/index.js (Extension)
- snyk-1.434.3/dist/lib/analytics.js (Extension)
- snyk-1.434.3/dist/lib/config.js (Extension)
- snyk-config-4.0.0-rc.2/dist/index.js (Extension)
- snyk-config-4.0.0-rc.2/dist/nconf/nconf.js (Extension)
- snyk-config-4.0.0-rc.2/dist/nconf/nconf/stores/argv.js (Extension)
-> ❌ minimist-1.2.5/index.js (Vulnerable Component)
Vulnerability Details
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Publish Date: Mar 17, 2022 01:05 PM
URL: CVE-2021-44906
Threat Assessment
Exploit Maturity: Not Defined
EPSS: < 1%
Score: 9.3
Suggested Fix
Type: Upgrade version
Origin: GHSA-xvch-5gv4-984h
Release Date: Mar 17, 2022 01:05 PM
Fix Resolution: minimist - 0.2.4, minimist - 1.2.6
🟠CVE-2020-7598
Vulnerable Library - minimist-1.2.5.tgz
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz
Path to dependency file: /package.json
Dependency Hierarchy:
- mkdirp-0.5.5.tgz (Root Library)
- snyk-1.434.3.tgz (Root Library)
Vulnerability Details
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: Mar 11, 2020 09:40 PM
URL: CVE-2020-7598
Threat Assessment
Exploit Maturity: Not Defined
EPSS: < 1%
Score: 6.3
Suggested Fix
Type: Upgrade version
Origin: GHSA-vh95-rmgr-6w4m
Release Date: Mar 11, 2020 09:40 PM
Fix Resolution: minimist - 1.2.3, minimist - 0.2.1