Update Mend: high confidence minor and patch dependency updates #2
Security Report
❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: ruby. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
The Security Check found 13 vulnerabilities.
CVE | Severity | CVSS Score | Exploit Maturity | EPSS | Vulnerable Library | Suggested Fix | Issue | Reachability
---|---|---|---|---|---|---|---|---
CVE-2024-4068<br>Path to dependency file: /package.json<br>Path to vulnerable library: /node_modules/braces/package.json<br>Dependency Hierarchy: -> webpack-4.47.0.tgz (Root Library) -> watchpack-1.7.5.tgz -> watchpack-chokidar2-2.0.1.tgz -> chokidar-2.1.8.tgz -> ❌ braces-2.3.2.tgz (Vulnerable Library) | High | 7.5 | Not Defined | 0.0% | braces-2.3.2.tgz | Upgrade to version: braces - 3.0.3 | None | |
CVE-2024-43788<br>Path to dependency file: /package.json<br>Path to vulnerable library: /node_modules/webpack/package.json<br>Dependency Hierarchy: -> ❌ webpack-4.47.0.tgz (Vulnerable Library) | Medium | 6.4 | Not Defined | 0.1% | webpack-4.47.0.tgz | Upgrade to version: webpack - 5.94.0 | None | |
CVE-2024-4067<br>Path to dependency file: /package.json<br>Path to vulnerable library: /node_modules/micromatch/package.json<br>Dependency Hierarchy: -> webpack-4.47.0.tgz (Root Library) -> ❌ micromatch-3.1.10.tgz (Vulnerable Library) | Medium | 5.3 | Not Defined | 0.0% | micromatch-3.1.10.tgz | Upgrade to version: micromatch - 4.0.8 | None | |
CVE-2020-28469<br>Path to dependency file: /package.json<br>Path to vulnerable library: /node_modules/glob-parent/package.json<br>Dependency Hierarchy: -> webpack-4.47.0.tgz (Root Library) -> watchpack-1.7.5.tgz -> watchpack-chokidar2-2.0.1.tgz -> chokidar-2.1.8.tgz -> ❌ glob-parent-3.1.0.tgz (Vulnerable Library) | Medium | 5.3 | Not Defined | 1.2% | glob-parent-3.1.0.tgz | Upgrade to version: glob-parent - 5.1.2 | None | |
CVE-2022-29970<br>Path to dependency file: /Gemfile.lock<br>Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/sinatra-1.0.gem<br>Dependency Hierarchy: -> resque-scheduler-4.10.2.gem (Root Library) -> resque-2.6.0.gem -> ❌ sinatra-1.0.gem (Vulnerable Library) | High | 7.5 | Not Defined | 0.2% | sinatra-1.0.gem | Upgrade to version: sinatra - 2.2.0 | #6 | |
CVE-2015-5147<br>Path to dependency file: /Gemfile.lock<br>Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/redcarpet-3.2.3.gem<br>Dependency Hierarchy: -> ❌ redcarpet-3.2.3.gem (Vulnerable Library) | High | 7.3 | Not Defined | 0.9% | redcarpet-3.2.3.gem | Upgrade to version: 3.3.2 | #5 | |
CVE-2020-26298<br>Path to dependency file: /Gemfile.lock<br>Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/redcarpet-3.2.3.gem<br>Dependency Hierarchy: -> ❌ redcarpet-3.2.3.gem (Vulnerable Library) | Medium | 6.8 | Not Defined | 0.1% | redcarpet-3.2.3.gem | Upgrade to version: redcarpet - 3.5.1 | #5 | |
CVE-2018-11627<br>Path to dependency file: /Gemfile.lock<br>Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/sinatra-1.0.gem<br>Dependency Hierarchy: -> resque-scheduler-4.10.2.gem (Root Library) -> resque-2.6.0.gem -> ❌ sinatra-1.0.gem (Vulnerable Library) | Medium | 6.1 | Not Defined | 0.1% | sinatra-1.0.gem | Upgrade to version: 2.0.2 | #6 | |
CVE-2024-21647<br>Path to dependency file: /Gemfile.lock<br>Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/puma-6.4.0.gem<br>Dependency Hierarchy: -> ❌ puma-6.4.0.gem (Vulnerable Library) | Medium | 5.9 | Not Defined | 0.0% | puma-6.4.0.gem | Upgrade to version: puma - 5.6.8,6.4.2 | #9 | |
CVE-2018-1000119<br>Path to dependency file: /Gemfile.lock<br>Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/sinatra-1.0.gem<br>Dependency Hierarchy: -> resque-scheduler-4.10.2.gem (Root Library) -> resque-2.6.0.gem -> ❌ sinatra-1.0.gem (Vulnerable Library) | Medium | 5.9 | Not Defined | 0.2% | sinatra-1.0.gem | Upgrade to version: sinatra - 2.0.0,2.0.0.rc5; rack-protection - 1.5.4,2.0.0.rc5 | #6 | |
CVE-2024-45614<br>Path to dependency file: /Gemfile.lock<br>Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/puma-6.4.0.gem<br>Dependency Hierarchy: -> ❌ puma-6.4.0.gem (Vulnerable Library) | Medium | 5.4 | Not Defined | 0.0% | puma-6.4.0.gem | Upgrade to version: puma - 5.6.9,6.4.3 | #9 | |
CVE-2024-43380<br>Path to dependency file: /Gemfile.lock<br>Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/fugit-1.9.0.gem<br>Dependency Hierarchy: -> resque-scheduler-4.10.2.gem (Root Library) -> rufus-scheduler-3.9.1.gem -> ❌ fugit-1.9.0.gem (Vulnerable Library) | Medium | 5.3 | Not Defined | 0.1% | fugit-1.9.0.gem | Upgrade to version: fugit - 1.11.1 | #6 | |
CVE-2018-7212<br>Path to dependency file: /Gemfile.lock<br>Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/sinatra-1.0.gem<br>Dependency Hierarchy: -> resque-scheduler-4.10.2.gem (Root Library) -> resque-2.6.0.gem -> ❌ sinatra-1.0.gem (Vulnerable Library) | Medium | 5.3 | Not Defined | 0.1% | sinatra-1.0.gem | Upgrade to version: 2.0.1 | #6 | |
Total libraries scanned: 518
Scan token: f116be36231642e38334282344ea3147