Update dependency express to v4.20.0 (main) #8
Mend for GitHub.com / WhiteSource Security Check
failed
Sep 30, 2024 in 8m 48s
Security Report
❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
Scan Details Report
general
https://vonagecc.jfrog.io/artifactory
Step | Level | Description | Details |
---|---|---|---|
Checking registry connectivity | ⚠Warn | Unsupported configuration was provided | unsupported host type gradle, skipped |
You have successfully remediated 9 vulnerabilities, but introduced 1 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Exploit Maturity | EPSS | Vulnerable Library | Suggested Fix | Issue | Reachability |
---|---|---|---|---|---|---|---|---|
CVE-2024-43799Path to dependency file: /package.json Path to vulnerable library: /node_modules/serve-static/node_modules/send/package.json Dependency Hierarchy: -> express-4.20.0.tgz (Root Library) -> serve-static-1.16.0.tgz -> ❌ send-0.18.0.tgz (Vulnerable Library) |
Medium | 5.0 | Not Defined | 0.0% | send-0.18.0.tgz | Upgrade to version: send - 0.19.0 | None |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2021-3918 | json-schema-0.2.3.tgz |
CVE-2020-15366 | ajv-6.12.2.tgz |
CVE-2024-43796 | express-4.16.3.tgz |
CVE-2024-43799 | send-0.16.2.tgz |
CVE-2024-45590 | body-parser-1.18.2.tgz |
CVE-2024-29041 | express-4.16.3.tgz |
CVE-2022-25883 | semver-5.7.1.tgz |
CVE-2022-24999 | qs-6.5.1.tgz |
CVE-2024-45296 | path-to-regexp-0.1.7.tgz |
Base branch total remaining vulnerabilities: 19
Base branch commit: null
Total libraries scanned: 140
Scan token: 77fee6039ea444099d1f99b676b8375b
Loading