-
Notifications
You must be signed in to change notification settings - Fork 108
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3) #813
Labels
Mend: dependency security vulnerability
Security vulnerability detected by Mend
Comments
mend-for-github-com
bot
added
the
Mend: dependency security vulnerability
Security vulnerability detected by Mend
label
Jul 17, 2022
1 task
mend-for-github-com
bot
changed the title
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3)
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 7.5)
Aug 3, 2022
1 task
This was referenced Apr 30, 2024
mend-for-github-com
bot
changed the title
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 7.5)
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3)
Sep 8, 2024
mend-for-github-com
bot
changed the title
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3)
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3) unreachable
Nov 11, 2024
mend-for-github-com
bot
changed the title
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3) unreachable
grunt-terser-1.0.0.tgz: 2 vulnerabilities (highest severity is: 7.5)
Nov 13, 2024
mend-for-github-com
bot
changed the title
grunt-terser-1.0.0.tgz: 2 vulnerabilities (highest severity is: 7.5)
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3)
Nov 18, 2024
mend-for-github-com
bot
changed the title
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3)
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3) unreachable
Nov 18, 2024
mend-for-github-com
bot
changed the title
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3) unreachable
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3)
Nov 18, 2024
mend-for-github-com
bot
changed the title
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3)
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3) unreachable
Nov 21, 2024
mend-for-github-com
bot
changed the title
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3) unreachable
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3)
Nov 29, 2024
mend-for-github-com
bot
changed the title
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3)
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3) unreachable
Dec 6, 2024
mend-for-github-com
bot
changed the title
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3) unreachable
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3)
Dec 6, 2024
mend-for-github-com
bot
changed the title
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3)
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3) unreachable
Dec 9, 2024
mend-for-github-com
bot
changed the title
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3) unreachable
grunt-terser-1.0.0.tgz: 1 vulnerabilities (highest severity is: 5.3)
Dec 9, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Mend: dependency security vulnerability
Security vulnerability detected by Mend
0 participants
Vulnerable Library - grunt-terser-1.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/terser/package.json
Found in HEAD commit: 7c898c0839317ea7989d15935972aa4dc520b907
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2022-25858
Vulnerable Library - terser-4.8.0.tgz
JavaScript parser, mangler/compressor and beautifier toolkit for ES6+
Library home page: https://registry.npmjs.org/terser/-/terser-4.8.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/terser/package.json
Dependency Hierarchy:
Found in HEAD commit: 7c898c0839317ea7989d15935972aa4dc520b907
Found in base branches: develop, master
Vulnerability Details
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Publish Date: 2022-07-15
URL: CVE-2022-25858
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.3%
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25858
Release Date: 2022-07-15
Fix Resolution (terser): 4.8.1
Direct dependency fix Resolution (grunt-terser): 2.0.0
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
The text was updated successfully, but these errors were encountered: