diff --git a/dojo/tools/yarn_audit/parser.py b/dojo/tools/yarn_audit/parser.py index 97da05a71b..ff26ba37b4 100644 --- a/dojo/tools/yarn_audit/parser.py +++ b/dojo/tools/yarn_audit/parser.py @@ -25,6 +25,10 @@ def get_findings(self, json_output, test): lines = lines.split('\n') tree = (json.loads(line) for line in lines if "{" in line) return self.get_items_yarn(tree, test) + elif '"value"' in lines: + lines = lines.split('\n') + tree = (json.loads(line) for line in lines if "{" in line) + return self.get_items_yarn2(tree, test) else: tree = json.loads(lines) return self.get_items_auditci(tree, test) @@ -43,6 +47,39 @@ def get_items_yarn(self, tree, test): raise ValueError(msg, error) return list(items.values()) + def get_items_yarn2(self, tree, test): + items = [] + for element in tree: + value = element.get("value", None) + child = element.get("children") + description = "" + childid = child.get("ID") + childissue = child.get("Issue") + childseverity = child.get("Severity") + child_vuln_version = child.get("Vulnerable Versions") + child_tree_versions = ', '.join(set(child.get("Tree Versions"))) + child_dependents = ', '.join(set(child.get("Dependents"))) + description += childissue + "\n" + description += "**Vulnerable Versions:** " + child_vuln_version + "\n" + description += "**Dependents:** " + child_dependents + "\n" + dojo_finding = Finding( + title=str(childid), + test=test, + severity=self.severitytranslator(severity=childseverity), + description=description, + component_version=str(child_tree_versions), + false_p=False, + duplicate=False, + out_of_scope=False, + mitigated=None, + static_finding=True, + dynamic_finding=False, + ) + items.append(dojo_finding) + if value is not None: + dojo_finding.component_name = value + return items + def get_items_auditci(self, tree, test): # https://github.com/DefectDojo/django-DefectDojo/issues/6495 items = [] for element in tree.get("advisories"): 
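Review bot: The new `elif '"value"' in lines:` branch in get_findings selects the yarn 2 format by a substring match over the whole payload, so any report that merely contains a `"value"` key is routed to get_items_yarn2 before the audit-ci `else` is reached, and would then presumably fail in the per-line `json.loads` or on the missing `children` object. Requiring both keys the new parser reads, `elif '"value"' in lines and '"children"' in lines:`, narrows the match without changing the supported case. A comment such as `# yarn 2 audit output: one {"value", "children"} object per line` above the branch would say why it exists. get_findings starts outside the hunk, so the condition of the first branch is not visible here.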
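Review bot: get_items_yarn2 dereferences `child` and its fields unchecked, so a line without `children`, or without `Issue`, `Vulnerable Versions`, `Tree Versions` or `Dependents`, aborts the whole import with an AttributeError or TypeError instead of the ValueError that get_items_yarn raises. Joining `set(...)` directly also leaves the order of `component_version` and of the Dependents line in `description` unstable between runs, which can make the same report look different on re-import; sorting the set fixes that. The fixture's `URL` field (the advisory link) is never read, so the finding keeps only the ID as its title and no pointer to the advisory; storing it in `references` would help triage. The method also has no docstring; one line naming the expected per-line shape would be enough.

```python
for element in tree:
    value = element.get("value", None)
    child = element.get("children")
    if not isinstance(child, dict):
        msg = "yarn audit entry has no 'children' object"
        raise ValueError(msg)
    # … unchanged: description = "", childid, childseverity …
    childissue = child.get("Issue") or ""
    child_vuln_version = child.get("Vulnerable Versions") or ""
    # sorted() keeps the rendered text stable across runs
    child_tree_versions = ', '.join(sorted(set(child.get("Tree Versions") or [])))
    child_dependents = ', '.join(sorted(set(child.get("Dependents") or [])))
    # … unchanged: description assembly …
    dojo_finding = Finding(
        # … unchanged: title, test, severity, description, component_version …
        references=child.get("URL"),
        # … unchanged: false_p through dynamic_finding …
    )
```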
diff --git a/unittests/scans/yarn_audit/yarn2_audit_issue9911.json b/unittests/scans/yarn_audit/yarn2_audit_issue9911.json
new file mode 100644
index 0000000000..7963bbcfdd
--- /dev/null
+++ b/unittests/scans/yarn_audit/yarn2_audit_issue9911.json
@@ -0,0 +1,4 @@ +{"value":"@babel/plugin-proposal-class-properties","children":{"ID":"@babel/plugin-proposal-class-properties (deprecation)","Issue":"This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.","Severity":"moderate","Vulnerable Versions":"7.18.6","Tree Versions":["7.18.6"],"Dependents":["jscodeshift@virtual:95986a29f66ea5c154da709639e46d9f25ab769cdc542a6076b371e193f79e407bbee37bc9d3845bfa503bd700408966c85b5a74356facf4da9a113fd4ce89d9#npm:0.14.0"]}} +{"value":"@babel/plugin-proposal-nullish-coalescing-operator","children":{"ID":"@babel/plugin-proposal-nullish-coalescing-operator (deprecation)","Issue":"This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.","Severity":"moderate","Vulnerable Versions":"7.18.6","Tree Versions":["7.18.6"],"Dependents":["jscodeshift@virtual:95986a29f66ea5c154da709639e46d9f25ab769cdc542a6076b371e193f79e407bbee37bc9d3845bfa503bd700408966c85b5a74356facf4da9a113fd4ce89d9#npm:0.14.0"]}} +{"value":"@babel/plugin-proposal-optional-chaining","children":{"ID":"@babel/plugin-proposal-optional-chaining (deprecation)","Issue":"This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. 
Please use @babel/plugin-transform-optional-chaining instead.","Severity":"moderate","Vulnerable Versions":"7.21.0","Tree Versions":["7.21.0"],"Dependents":["jscodeshift@virtual:95986a29f66ea5c154da709639e46d9f25ab769cdc542a6076b371e193f79e407bbee37bc9d3845bfa503bd700408966c85b5a74356facf4da9a113fd4ce89d9#npm:0.14.0"]}} +{"value":"transformers","children":{"ID":1096536,"Issue":"Transformers Deserialization of Untrusted Data vulnerability","URL":"https://github.com/advisories/GHSA-37q5-v5qm-c9v8","Severity":"low","Vulnerable Versions":"< 4.38.0","Tree Versions":["4.38"],"Dependents":["test@npm:1.13.0"]}} \ No newline at end of file diff --git a/unittests/scans/yarn_audit/yarn_audit_multiple_cwes.json b/unittests/scans/yarn_audit/yarn_audit_multiple_cwes.json index ae94444f8c..6670b66991 100644 --- a/unittests/scans/yarn_audit/yarn_audit_multiple_cwes.json +++ b/unittests/scans/yarn_audit/yarn_audit_multiple_cwes.json 
@@ -1,12 +1,12 @@ {"type":"auditAdvisory","data":{"resolution":{"id":1028248,"path":"react-native-svg>css-select>nth-check","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.0.2","paths":["react-native-svg>css-select>nth-check"]}],"metadata":null,"vulnerable_versions":"<2.0.1","module_name":"nth-check","severity":"moderate","github_advisory_id":"GHSA-rp65-9cf3-cjxr","cves":["CVE-2021-3803"],"access":"public","patched_versions":">=2.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-20T20:15:09.000Z","recommendation":"Upgrade to version 2.0.1 or later","cwe":"[\"CWE-1333\"]","found_by":null,"deleted":null,"id":1028248,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3803\n- https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726\n- https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0\n- https://github.com/advisories/GHSA-rp65-9cf3-cjxr","created":"2022-03-06T16:00:42.621Z","reported_by":null,"title":"Inefficient Regular Expression Complexity in nth-check","npm_advisory_id":null,"overview":"nth-check is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-rp65-9cf3-cjxr"}}} - 
{"type":"auditAdvisory","data":{"resolution":{"id":1028029,"path":"react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.6.5","paths":["react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch"]},{"version":"2.6.5","paths":["react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch"]}],"metadata":null,"vulnerable_versions":"<2.6.7","module_name":"node-fetch","severity":"high","github_advisory_id":"GHSA-r683-j2x4-v87g","cves":["CVE-2022-0235"],"access":"public","patched_versions":">=2.6.7","cvss":{"score":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},"updated":"2022-01-23T01:52:43.000Z","recommendation":"Upgrade to version 2.6.7 or later","cwe":"[\"CWE-173\",\"CWE-200\",\"CWE-601\"]","found_by":null,"deleted":null,"id":1028029,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0235\n- https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10\n- https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7\n- https://github.com/node-fetch/node-fetch/pull/1453\n- https://github.com/advisories/GHSA-r683-j2x4-v87g","created":"2022-03-06T16:00:42.588Z","reported_by":null,"title":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","npm_advisory_id":null,"overview":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized 
Actor","url":"https://github.com/advisories/GHSA-r683-j2x4-v87g"}}} - {"type":"auditAdvisory","data":{"resolution":{"id":1028029,"path":"react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.6.5","paths":["react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch"]},{"version":"2.6.5","paths":["react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch"]}],"metadata":null,"vulnerable_versions":"<2.6.7","module_name":"node-fetch","severity":"high","github_advisory_id":"GHSA-r683-j2x4-v87g","cves":["CVE-2022-0235"],"access":"public","patched_versions":">=2.6.7","cvss":{"score":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},"updated":"2022-01-23T01:52:43.000Z","recommendation":"Upgrade to version 2.6.7 or later","cwe":"[\"CWE-173\",\"CWE-200\",\"CWE-601\"]","found_by":null,"deleted":null,"id":1028029,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0235\n- https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10\n- https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7\n- https://github.com/node-fetch/node-fetch/pull/1453\n- https://github.com/advisories/GHSA-r683-j2x4-v87g","created":"2022-03-06T16:00:42.588Z","reported_by":null,"title":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","npm_advisory_id":null,"overview":"node-fetch 
is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","url":"https://github.com/advisories/GHSA-r683-j2x4-v87g"}}} - {"type":"auditAdvisory","data":{"resolution":{"id":1028029,"path":"react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.6.5","paths":["react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch"]},{"version":"2.6.5","paths":["react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch"]}],"metadata":null,"vulnerable_versions":"<2.6.7","module_name":"node-fetch","severity":"high","github_advisory_id":"GHSA-r683-j2x4-v87g","cves":["CVE-2022-0235"],"access":"public","patched_versions":">=2.6.7","cvss":{"score":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},"updated":"2022-01-23T01:52:43.000Z","recommendation":"Upgrade to version 2.6.7 or later","cwe":"[\"CWE-173\",\"CWE-200\",\"CWE-601\"]","found_by":null,"deleted":null,"id":1028029,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0235\n- https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10\n- https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7\n- https://github.com/node-fetch/node-fetch/pull/1453\n- https://github.com/advisories/GHSA-r683-j2x4-v87g","created":"2022-03-06T16:00:42.588Z","reported_by":null,"title":"node-fetch is 
vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","npm_advisory_id":null,"overview":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","url":"https://github.com/advisories/GHSA-r683-j2x4-v87g"}}} - {"type":"auditAdvisory","data":{"resolution":{"id":1028029,"path":"react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.6.5","paths":["react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch"]},{"version":"2.6.5","paths":["react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch"]}],"metadata":null,"vulnerable_versions":"<2.6.7","module_name":"node-fetch","severity":"high","github_advisory_id":"GHSA-r683-j2x4-v87g","cves":["CVE-2022-0235"],"access":"public","patched_versions":">=2.6.7","cvss":{"score":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},"updated":"2022-01-23T01:52:43.000Z","recommendation":"Upgrade to version 2.6.7 or later","cwe":"[\"CWE-173\",\"CWE-200\",\"CWE-601\"]","found_by":null,"deleted":null,"id":1028029,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0235\n- https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10\n- https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7\n- https://github.com/node-fetch/node-fetch/pull/1453\n- 
https://github.com/advisories/GHSA-r683-j2x4-v87g","created":"2022-03-06T16:00:42.588Z","reported_by":null,"title":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","npm_advisory_id":null,"overview":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","url":"https://github.com/advisories/GHSA-r683-j2x4-v87g"}}} - {"type":"auditAdvisory","data":{"resolution":{"id":1028029,"path":"react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.6.5","paths":["react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch"]},{"version":"2.6.5","paths":["react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch"]}],"metadata":null,"vulnerable_versions":"<2.6.7","module_name":"node-fetch","severity":"high","github_advisory_id":"GHSA-r683-j2x4-v87g","cves":["CVE-2022-0235"],"access":"public","patched_versions":">=2.6.7","cvss":{"score":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},"updated":"2022-01-23T01:52:43.000Z","recommendation":"Upgrade to version 2.6.7 or later","cwe":"[\"CWE-173\",\"CWE-200\",\"CWE-601\"]","found_by":null,"deleted":null,"id":1028029,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0235\n- https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10\n- 
https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7\n- https://github.com/node-fetch/node-fetch/pull/1453\n- https://github.com/advisories/GHSA-r683-j2x4-v87g","created":"2022-03-06T16:00:42.588Z","reported_by":null,"title":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","npm_advisory_id":null,"overview":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","url":"https://github.com/advisories/GHSA-r683-j2x4-v87g"}}} - {"type":"auditAdvisory","data":{"resolution":{"id":1028226,"path":"react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.1.0","paths":["react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":"[\"CWE-918\",\"CWE-1333\"]","found_by":null,"deleted":null,"id":1028226,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- 
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-06T16:00:42.619Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} - {"type":"auditAdvisory","data":{"resolution":{"id":1028226,"path":"react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.1.0","paths":["react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or 
later","cwe":"[\"CWE-918\",\"CWE-1333\"]","found_by":null,"deleted":null,"id":1028226,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-06T16:00:42.619Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} - {"type":"auditAdvisory","data":{"resolution":{"id":1028226,"path":"react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.1.0","paths":["react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 
<5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":"[\"CWE-918\",\"CWE-1333\"]","found_by":null,"deleted":null,"id":1028226,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-06T16:00:42.619Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} - 
{"type":"auditAdvisory","data":{"resolution":{"id":1028226,"path":"react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.1.0","paths":["react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":"[\"CWE-918\",\"CWE-1333\"]","found_by":null,"deleted":null,"id":1028226,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-06T16:00:42.619Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular 
Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} - {"type":"auditAdvisory","data":{"resolution":{"id":1028226,"path":"react-native>@react-native-community/cli>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.1.0","paths":["react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":"[]","found_by":null,"deleted":null,"id":1028226,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-06T16:00:42.619Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to 
Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} - {"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":0,"moderate":6,"high":5,"critical":0},"dependencies":923,"devDependencies":0,"optionalDependencies":0,"totalDependencies":923}} \ No newline at end of file +{"type":"auditAdvisory","data":{"resolution":{"id":1028029,"path":"react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.6.5","paths":["react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch"]},{"version":"2.6.5","paths":["react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch"]}],"metadata":null,"vulnerable_versions":"<2.6.7","module_name":"node-fetch","severity":"high","github_advisory_id":"GHSA-r683-j2x4-v87g","cves":["CVE-2022-0235"],"access":"public","patched_versions":">=2.6.7","cvss":{"score":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},"updated":"2022-01-23T01:52:43.000Z","recommendation":"Upgrade to version 2.6.7 or later","cwe":"[\"CWE-173\",\"CWE-200\",\"CWE-601\"]","found_by":null,"deleted":null,"id":1028029,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0235\n- https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10\n- https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7\n- https://github.com/node-fetch/node-fetch/pull/1453\n- 
https://github.com/advisories/GHSA-r683-j2x4-v87g","created":"2022-03-06T16:00:42.588Z","reported_by":null,"title":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","npm_advisory_id":null,"overview":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","url":"https://github.com/advisories/GHSA-r683-j2x4-v87g"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1028029,"path":"react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.6.5","paths":["react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch"]},{"version":"2.6.5","paths":["react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch"]}],"metadata":null,"vulnerable_versions":"<2.6.7","module_name":"node-fetch","severity":"high","github_advisory_id":"GHSA-r683-j2x4-v87g","cves":["CVE-2022-0235"],"access":"public","patched_versions":">=2.6.7","cvss":{"score":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},"updated":"2022-01-23T01:52:43.000Z","recommendation":"Upgrade to version 2.6.7 or later","cwe":"[\"CWE-173\",\"CWE-200\",\"CWE-601\"]","found_by":null,"deleted":null,"id":1028029,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0235\n- https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10\n- 
https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7\n- https://github.com/node-fetch/node-fetch/pull/1453\n- https://github.com/advisories/GHSA-r683-j2x4-v87g","created":"2022-03-06T16:00:42.588Z","reported_by":null,"title":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","npm_advisory_id":null,"overview":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","url":"https://github.com/advisories/GHSA-r683-j2x4-v87g"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1028029,"path":"react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.6.5","paths":["react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch"]},{"version":"2.6.5","paths":["react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch"]}],"metadata":null,"vulnerable_versions":"<2.6.7","module_name":"node-fetch","severity":"high","github_advisory_id":"GHSA-r683-j2x4-v87g","cves":["CVE-2022-0235"],"access":"public","patched_versions":">=2.6.7","cvss":{"score":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},"updated":"2022-01-23T01:52:43.000Z","recommendation":"Upgrade to version 2.6.7 or later","cwe":"[\"CWE-173\",\"CWE-200\",\"CWE-601\"]","found_by":null,"deleted":null,"id":1028029,"references":"- 
https://nvd.nist.gov/vuln/detail/CVE-2022-0235\n- https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10\n- https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7\n- https://github.com/node-fetch/node-fetch/pull/1453\n- https://github.com/advisories/GHSA-r683-j2x4-v87g","created":"2022-03-06T16:00:42.588Z","reported_by":null,"title":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","npm_advisory_id":null,"overview":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","url":"https://github.com/advisories/GHSA-r683-j2x4-v87g"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1028029,"path":"react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.6.5","paths":["react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch"]},{"version":"2.6.5","paths":["react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch"]}],"metadata":null,"vulnerable_versions":"<2.6.7","module_name":"node-fetch","severity":"high","github_advisory_id":"GHSA-r683-j2x4-v87g","cves":["CVE-2022-0235"],"access":"public","patched_versions":">=2.6.7","cvss":{"score":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},"updated":"2022-01-23T01:52:43.000Z","recommendation":"Upgrade to version 2.6.7 or 
later","cwe":"[\"CWE-173\",\"CWE-200\",\"CWE-601\"]","found_by":null,"deleted":null,"id":1028029,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0235\n- https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10\n- https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7\n- https://github.com/node-fetch/node-fetch/pull/1453\n- https://github.com/advisories/GHSA-r683-j2x4-v87g","created":"2022-03-06T16:00:42.588Z","reported_by":null,"title":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","npm_advisory_id":null,"overview":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","url":"https://github.com/advisories/GHSA-r683-j2x4-v87g"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1028029,"path":"react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.6.5","paths":["react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch"]},{"version":"2.6.5","paths":["react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch"]}],"metadata":null,"vulnerable_versions":"<2.6.7","module_name":"node-fetch","severity":"high","github_advisory_id":"GHSA-r683-j2x4-v87g","cves":["CVE-2022-0235"],"access":"public","patched_versions":">=2.6.7","cvss":{"score":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},"updated":"2022-01-23T0
1:52:43.000Z","recommendation":"Upgrade to version 2.6.7 or later","cwe":"[\"CWE-173\",\"CWE-200\",\"CWE-601\"]","found_by":null,"deleted":null,"id":1028029,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0235\n- https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10\n- https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7\n- https://github.com/node-fetch/node-fetch/pull/1453\n- https://github.com/advisories/GHSA-r683-j2x4-v87g","created":"2022-03-06T16:00:42.588Z","reported_by":null,"title":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","npm_advisory_id":null,"overview":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","url":"https://github.com/advisories/GHSA-r683-j2x4-v87g"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1028226,"path":"react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.1.0","paths":["react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 
<5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":"[\"CWE-918\",\"CWE-1333\"]","found_by":null,"deleted":null,"id":1028226,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-06T16:00:42.619Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} 
+{"type":"auditAdvisory","data":{"resolution":{"id":1028226,"path":"react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.1.0","paths":["react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":"[\"CWE-918\",\"CWE-1333\"]","found_by":null,"deleted":null,"id":1028226,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-06T16:00:42.619Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in 
chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1028226,"path":"react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.1.0","paths":["react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":"[\"CWE-918\",\"CWE-1333\"]","found_by":null,"deleted":null,"id":1028226,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-06T16:00:42.619Z","reported_by":null,"title":" 
Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1028226,"path":"react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.1.0","paths":["react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":"[\"CWE-918\",\"CWE-1333\"]","found_by":null,"deleted":null,"id":1028226,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- 
https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-06T16:00:42.619Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1028226,"path":"react-native>@react-native-community/cli>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.1.0","paths":["react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":"[]","found_by":null,"deleted":null,"id":1028226,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- 
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-06T16:00:42.619Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}}
+{"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":0,"moderate":6,"high":5,"critical":0},"dependencies":923,"devDependencies":0,"optionalDependencies":0,"totalDependencies":923}}
\ No newline at end of file
diff --git a/unittests/tools/test_yarn_audit_parser.py b/unittests/tools/test_yarn_audit_parser.py
index 3a3c587fdf..2a43e6222a 100644
--- a/unittests/tools/test_yarn_audit_parser.py
+++ b/unittests/tools/test_yarn_audit_parser.py
@@ -77,7 +77,17 @@ def test_yarn_audit_parser_issue_6495(self):
 with open("unittests/scans/yarn_audit/issue_6495.json") as testfile:
 parser = YarnAuditParser()
 findings = parser.get_findings(testfile, self.get_test())
+ testfile.close()
 self.assertEqual(3, len(findings))
 self.assertEqual(findings[0].cwe, "1321")
 self.assertEqual(findings[1].unsaved_vulnerability_ids[0], "CVE-2022-25851")
 self.assertEqual(findings[1].cve, None)
+
+ def test_yarn_audit_parser_yarn2_audit_issue9911(self):
+ with open("unittests/scans/yarn_audit/yarn2_audit_issue9911.json") as testfile:
+ parser = YarnAuditParser()
+ findings = parser.get_findings(testfile, self.get_test())
+ testfile.close()
+ self.assertEqual(4, len(findings))
+ self.assertEqual(findings[0].title, "@babel/plugin-proposal-class-properties (deprecation)")
+ self.assertEqual(findings[1].severity, "Medium")
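Review bot: The new `test_yarn_audit_parser_yarn2_audit_issue9911` pins only the finding count, one title and one severity, so a regression in how the parser fills the component name, component version or description would pass unnoticed. Add assertions on those fields and on the severity of each finding, for example `self.assertEqual(findings[0].component_name, "<expected package from fixture>")` and `self.assertEqual(findings[0].component_version, "<expected versions from fixture>")`, with the values read from the fixture. Both added `testfile.close()` calls are redundant, because the `with open(...)` block already closes the file, and can be dropped. `test_yarn_audit_parser_issue_6495` begins outside this hunk, so only its tail is visible here.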