[Snyk] Security upgrade express from 4.16.4 to 4.20.0 #22
Security Report

❌ New vulnerabilities:

| CVE | Severity |  CVSS Score | Vulnerable Library | Suggested Fix | Issue | 
|---|---|---|---|---|---|
| CVE-2021-42740<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> npm-run-all-4.1.5.tgz (Root Library) -> ❌ shell-quote-1.6.1.tgz (Vulnerable Library) | Critical | 9.8 | shell-quote-1.6.1.tgz | Upgrade to version: shell-quote - 1.7.3 | None |
| CVE-2024-42461<br>Path to dependency file: /server/package.json<br>Path to vulnerable library: /server/package.json<br>Dependency Hierarchy: -> bitcoinjs-message-2.0.0.tgz (Root Library) -> secp256k1-3.7.0.tgz -> ❌ elliptic-6.4.1.tgz (Vulnerable Library) | Critical | 9.1 | elliptic-6.4.1.tgz | None | |
| CVE-2023-46233<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> ❌ crypto-js-3.1.9-1.tgz (Vulnerable Library) | Critical | 9.1 | crypto-js-3.1.9-1.tgz | Upgrade to version: crypto-js - 4.2.0 | None |
| CVE-2020-13822<br>Path to dependency file: /server/package.json<br>Path to vulnerable library: /server/package.json<br>Dependency Hierarchy: -> bitcoinjs-message-2.0.0.tgz (Root Library) -> secp256k1-3.7.0.tgz -> ❌ elliptic-6.4.1.tgz (Vulnerable Library) | High | 7.7 | elliptic-6.4.1.tgz | Upgrade to version: v6.5.3 | None |
| CVE-2022-31129<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> ❌ moment-2.24.0.tgz (Vulnerable Library) | High | 7.5 | moment-2.24.0.tgz | Upgrade to version: moment - 2.29.4 | None |
| CVE-2022-24785<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> ❌ moment-2.24.0.tgz (Vulnerable Library) | High | 7.5 | moment-2.24.0.tgz | Upgrade to version: moment - 2.29.2 | None |
| CVE-2020-28498<br>Path to dependency file: /server/package.json<br>Path to vulnerable library: /server/package.json<br>Dependency Hierarchy: -> bitcoinjs-message-2.0.0.tgz (Root Library) -> secp256k1-3.7.0.tgz -> ❌ elliptic-6.4.1.tgz (Vulnerable Library) | Medium | 6.8 | elliptic-6.4.1.tgz | Upgrade to version: elliptic - 6.5.4 | None |
| WS-2019-0427<br>Path to dependency file: /server/package.json<br>Path to vulnerable library: /server/package.json<br>Dependency Hierarchy: -> bitcoinjs-message-2.0.0.tgz (Root Library) -> secp256k1-3.7.0.tgz -> ❌ elliptic-6.4.1.tgz (Vulnerable Library) | Medium | 5.9 | elliptic-6.4.1.tgz | Upgrade to version: v6.5.2 | None |
| WS-2019-0424<br>Path to dependency file: /server/package.json<br>Path to vulnerable library: /server/package.json<br>Dependency Hierarchy: -> bitcoinjs-message-2.0.0.tgz (Root Library) -> secp256k1-3.7.0.tgz -> ❌ elliptic-6.4.1.tgz (Vulnerable Library) | Medium | 5.9 | elliptic-6.4.1.tgz | Upgrade to version: GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105;Romano.Vue - 1.0.1;org.webjars.npm:elliptic - 6.5.4,6.3.3;VueJS.NetCore - 1.1.1;elliptic - 6.5.3;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;NorDroN.AngularTemplate - 0.1.6;CoreVueWebTest - 3.0.101;dotnetng.template - 1.0.0.4;Fable.Template.Elmish.React - 0.1.6 | None |
| CVE-2024-42460<br>Path to dependency file: /server/package.json<br>Path to vulnerable library: /server/package.json<br>Dependency Hierarchy: -> bitcoinjs-message-2.0.0.tgz (Root Library) -> secp256k1-3.7.0.tgz -> ❌ elliptic-6.4.1.tgz (Vulnerable Library) | Medium | 5.3 | elliptic-6.4.1.tgz | None | |
| CVE-2024-42459<br>Path to dependency file: /server/package.json<br>Path to vulnerable library: /server/package.json<br>Dependency Hierarchy: -> bitcoinjs-message-2.0.0.tgz (Root Library) -> secp256k1-3.7.0.tgz -> ❌ elliptic-6.4.1.tgz (Vulnerable Library) | Medium | 5.3 | elliptic-6.4.1.tgz | Upgrade to version: elliptic - 6.5.7 | None |
| CVE-2022-25883<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> npm-run-all-4.1.5.tgz (Root Library) -> cross-spawn-6.0.5.tgz -> ❌ semver-5.7.0.tgz (Vulnerable Library) | Medium | 5.3 | semver-5.7.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
| CVE-2021-23362<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> npm-run-all-4.1.5.tgz (Root Library) -> read-pkg-3.0.0.tgz -> normalize-package-data-2.5.0.tgz -> ❌ hosted-git-info-2.7.1.tgz (Vulnerable Library) | Medium | 5.3 | hosted-git-info-2.7.1.tgz | Upgrade to version: hosted-git-info - 2.8.9,3.0.8 | None |
| CVE-2020-36732<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> ❌ crypto-js-3.1.9-1.tgz (Vulnerable Library) | Medium | 5.3 | crypto-js-3.1.9-1.tgz | Upgrade to version: crypto-js - 3.2.1 | None |

✔️ Remediated vulnerabilities:

| CVE | Vulnerable Library | 
|---|---|
| CVE-2020-28469 | glob-parent-3.1.0.tgz | 
| CVE-2021-44906 | minimist-1.2.5.tgz | 
| CVE-2017-16137 | debug-3.2.6.tgz | 
| CVE-2021-23362 | hosted-git-info-2.8.8.tgz | 
| CVE-2021-3807 | ansi-regex-3.0.0.tgz | 
| CVE-2020-28498 | elliptic-6.5.3.tgz | 
| CVE-2024-43799 | send-0.17.1.tgz | 
| CVE-2022-25883 | semver-5.7.1.tgz | 
| CVE-2022-33987 | got-6.7.1.tgz | 
| CVE-2024-29041 | express-4.17.1.tgz | 
| CVE-2022-24785 | moment-2.27.0.tgz | 
| CVE-2022-31129 | moment-2.27.0.tgz | 
| CVE-2024-43800 | serve-static-1.14.1.tgz | 
| CVE-2024-42460 | elliptic-6.5.3.tgz | 
| CVE-2022-38900 | decode-uri-component-0.2.0.tgz | 
| CVE-2021-42740 | shell-quote-1.7.2.tgz | 
| CVE-2020-7788 | ini-1.3.5.tgz | 
| CVE-2024-42459 | elliptic-6.5.3.tgz | 
| CVE-2024-43796 | express-4.17.1.tgz | 
| CVE-2024-45296 | path-to-regexp-0.1.7.tgz | 

- Base branch total remaining vulnerabilities: 26
- Base branch commit: null
- Total libraries scanned: 197
- Scan token: 9872f3ebaa5d4d6b856fd41359ffa64b