scriptex/github-pages-vuepress

CVE-2021-3807 (Medium) detected in multiple libraries #109

whitesource-bolt-for-github[bot] posted on GitHub

CVE-2021-3807 - Medium Severity Vulnerability

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20> Vulnerable Libraries - <b>ansi-regex-4.1.0.tgz</b>, <b>ansi-regex-2.1.1.tgz</b>, <b>ansi-regex-5.0.0.tgz</b></p></summary> <p>

<details><summary><b>ansi-regex-4.1.0.tgz</b></p></summary>

<p>Regular expression for matching ANSI escape codes</p> <p>Library home page: <a href="https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz">https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz</a></p> <p>Path to dependency file: github-pages-vuepress/package.json</p> <p>Path to vulnerable library: github-pages-vuepress/node_modules/ansi-regex/package.json</p> <p>

Dependency Hierarchy:

  • vuepress-1.8.2.tgz (Root Library)
    • core-1.8.2.tgz
      • webpackbar-3.2.0.tgz
        • wrap-ansi-5.1.0.tgz
          • strip-ansi-5.2.0.tgz
            • :x: ansi-regex-4.1.0.tgz (Vulnerable Library)

</details> <details><summary><b>ansi-regex-2.1.1.tgz</b></p></summary>

<p>Regular expression for matching ANSI escape codes</p> <p>Library home page: <a href="https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz">https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz</a></p> <p>Path to dependency file: github-pages-vuepress/package.json</p> <p>Path to vulnerable library: github-pages-vuepress/node_modules/ansi-regex/package.json</p> <p>

Dependency Hierarchy:

  • vuepress-1.8.2.tgz (Root Library)
    • core-1.8.2.tgz
      • vue-server-renderer-2.6.12.tgz
        • chalk-1.1.3.tgz
          • strip-ansi-3.0.1.tgz
            • :x: ansi-regex-2.1.1.tgz (Vulnerable Library)

</details> <details><summary><b>ansi-regex-5.0.0.tgz</b></p></summary>

<p>Regular expression for matching ANSI escape codes</p> <p>Library home page: <a href="https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz">https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz</a></p> <p>Path to dependency file: github-pages-vuepress/package.json</p> <p>Path to vulnerable library: github-pages-vuepress/node_modules/ansi-regex/package.json</p> <p>

Dependency Hierarchy:

  • vuepress-1.8.2.tgz (Root Library)
    • update-notifier-4.1.3.tgz
      • boxen-4.2.0.tgz
        • string-width-4.2.2.tgz
          • strip-ansi-6.0.0.tgz
            • :x: ansi-regex-5.0.0.tgz (Vulnerable Library)

</details>

<p>Found in HEAD commit: <a href="https://github.com/scriptex/github-pages-vuepress/commit/20e3cd7cbde80fb9d9c5e9374cc6f0ffeff3fe98">20e3cd7cbde80fb9d9c5e9374cc6f0ffeff3fe98</a></p> <p>Found in base branch: <b>master</b></p> </p> </details> <p></p> <details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png' width=19 height=20> Vulnerability Details</summary> <p>

ansi-regex is vulnerable to Inefficient Regular Expression Complexity

<p>Publish Date: 2021-09-17 <p>URL: <a href=https://vuln.whitesourcesoftware.com/vulnerability/CVE-2021-3807>CVE-2021-3807</a></p> </p> </details> <p></p> <details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20> CVSS 3 Score Details (<b>5.5</b>)</summary> <p>

Base Score Metrics:

<p>Type: Upgrade version</p> <p>Origin: <a href="https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/">https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/</a></p> <p>Release Date: 2021-09-17</p> <p>Fix Resolution: ansi-regex - 5.0.1,6.0.1</p>

</p> </details> <p></p>

