From b7590104f8cfdd6b928b624f7541b6f091d52516 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 21 Aug 2024 19:08:53 +0000
Subject: [PATCH 1/9] Bump elliptic from 6.5.4 to 6.5.7

Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.4 to 6.5.7.
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.4...v6.5.7)

---
updated-dependencies:
- dependency-name: elliptic
dependency-type: indirect
...

Signed-off-by: dependabot[bot]
---
 yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index 87e971c9fe..116446b910 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6031,9 +6031,9 @@ electron-to-chromium@^1.4.251:
 integrity sha512-7mHFONwp7MNvdyto1v70fCwk28NJMFgsK79op+iYHzz1BLE8T66a1B2qW5alb8XgE0yi3FL3ZQjSYZpJpF6snw==

 elliptic@^6.5.3, elliptic@^6.5.4:
- version "6.5.4"
- resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.4.tgz#da37cebd31e79a1367e941b592ed1fbebd58abbb"
- integrity sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==
+ version "6.5.7"
+ resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.7.tgz#8ec4da2cb2939926a1b9a73619d768207e647c8b"
+ integrity sha512-ESVCtTwiA+XhY3wyh24QqRGBoP3rEdDUl3EDUUo9tft074fi19IrdpH7hLCMMP3CIj7jb3W96rn8lt/BqIlt5Q==
 dependencies:
 bn.js "^4.11.9"
 brorand "^1.1.0"

From 4c1bb9b575edc1a6a19484d8f6d093c0946656f4 Mon Sep 17 00:00:00 2001
From: Matt Bevilacqua
Date: Wed, 21 Aug 2024 15:26:49 -0400
Subject: [PATCH 2/9] Fix deduping issue

---
 src/goalServices/helpers.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/goalServices/helpers.js b/src/goalServices/helpers.js
index 9f7911662e..0722e8c5b9 100644
--- a/src/goalServices/helpers.js
+++ b/src/goalServices/helpers.js
@@ -21,6 +21,7 @@ const findOrFailExistingGoal = (needle, haystack, translate = goalFieldTransate)
 g[translate.status] === needle.status
 && g[translate.name].trim() === needle.name.trim()
 && g[translate.source] === needle.source
+ && g.isFei === needle.dataValues.isFei
 && g[translate.responsesForComparison] === responsesForComparison(needle)
 && (
 // Check if both needle and haystack goal have no valid collaborators

From 8bd69a55048dbfa1cb7ebaa85f1080728039eb24 Mon Sep 17 00:00:00 2001
From: GarrettEHill
Date: Mon, 26 Aug 2024 13:21:43 -0700
Subject: [PATCH 3/9] Update postgrescli_install.sh

---
 automation/common/scripts/postgrescli_install.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/automation/common/scripts/postgrescli_install.sh b/automation/common/scripts/postgrescli_install.sh
index ca99c7b76d..a056c01097 100644
--- a/automation/common/scripts/postgrescli_install.sh
+++ b/automation/common/scripts/postgrescli_install.sh
@@ -221,9 +221,9 @@ function cleanup() {

 # Main function to control workflow
 function main() {
- local deb_url="http://security.debian.org/debian-security/pool/updates/main/p/postgresql-15/postgresql-client-15_15.6-0+deb12u1_amd64.deb"
+ local deb_url="https://security.debian.org/debian-security/pool/updates/main/p/postgresql-15/postgresql-client-15_15.8-0+deb12u1_amd64.deb"
 local deb_file="/tmp/postgresql.deb"
- local deb_sha256="f601421f0f075c78df0ee289fbe075f38f52d08362ff2907d1710c26d5e53c39"
+ local deb_sha256="e88cfe7aa8548f8461dcbd56f69a1bb365affcd380469f705aca697fc2146994"
 local bin_dir="/tmp/local/bin"
 local tools=("pg_dump" "pg_isready" "pg_restore" "psql" "reindexdb" "vacuumdb")

From e72d4754635c9caaf3eae62dbfcf569e95fba29a Mon Sep 17 00:00:00 2001
From: GarrettEHill
Date: Mon, 26 Aug 2024 13:44:33 -0700
Subject: [PATCH 4/9] Update yarn-audit-known-issues

---
 yarn-audit-known-issues | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
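Review bot: The added `&& g.isFei === needle.dataValues.isFei` in the findOrFailExistingGoal predicate (src/goalServices/helpers.js) reads the needle through `dataValues` and the haystack goal through a literal `g.isFei`, while every neighbouring comparison uses `needle.<field>` and `g[translate.<field>]`. If any caller passes a plain object as the needle, `needle.dataValues` is undefined and the predicate throws instead of returning no match, and a caller-supplied `translate` map has no way to remap this field. Strict equality also treats an unset flag and `false` as different, so a goal with `isFei` undefined would no longer match one with `isFei: false`, which could bring duplicates back. Something like `&& Boolean(g.isFei) === Boolean(needle.dataValues?.isFei ?? needle.isFei)` would be safer; this is hedged because the callers and the shape of `needle` are not visible here, and the arrow function starts and ends outside the hunk.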
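Review bot: The pinned `deb_url` in main() of postgrescli_install.sh names one exact build (`15.8-0+deb12u1`) in the Debian security pool, and nothing beside it records that `deb_url` and `deb_sha256` must change together or where the new digest was taken from. Superseded builds are typically dropped from that pool when the next security update is published, so this download will presumably start failing again and the same edit will be repeated under time pressure. I would add a comment above the two locals such as `# deb_url and deb_sha256 are a pair: on a version bump take the SHA256 from the signed Debian Packages index, never from a hash of the file just downloaded.` Whether `deb_sha256` is actually enforced before the package is unpacked is outside this hunk (main() continues past it) and is worth confirming.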
diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues
index 18855f36ac..f338b97612 100644
--- a/yarn-audit-known-issues
+++ b/yarn-audit-known-issues
@@ -1,7 +1,23 @@ {"type":"auditAdvisory","data":{"resolution":{"id":1096366,"path":"email-templates>preview-email>mailparser>nodemailer","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"6.7.3","paths":["email-templates>preview-email>mailparser>nodemailer"]}],"metadata":null,"vulnerable_versions":"<=6.9.8","module_name":"nodemailer","severity":"moderate","github_advisory_id":"GHSA-9h6g-pr28-7cqp","cves":[],"access":"public","patched_versions":">=6.9.9","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-02-01T17:58:50.000Z","recommendation":"Upgrade to version 6.9.9 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1096366,"references":"- https://github.com/nodemailer/nodemailer/security/advisories/GHSA-9h6g-pr28-7cqp\n- https://gist.github.com/francoatmega/890dd5053375333e40c6fdbcc8c58df6\n- https://gist.github.com/francoatmega/9aab042b0b24968d7b7039818e8b2698\n- https://github.com/nodemailer/nodemailer/commit/dd8f5e8a4ddc99992e31df76bcff9c590035cd4a\n- https://github.com/advisories/GHSA-9h6g-pr28-7cqp","created":"2024-01-31T22:42:54.000Z","reported_by":null,"title":"nodemailer ReDoS when trying to send a specially crafted email","npm_advisory_id":null,"overview":"### Summary\nA ReDoS vulnerability occurs when nodemailer tries to parse img files with the parameter `attachDataUrls` set, causing the stuck of event loop. \nAnother flaw was found when nodemailer tries to parse an attachments with a embedded file, causing the stuck of event loop. 
\n\n### Details\n\nRegex: /^data:((?:[^;]*;)*(?:[^,]*)),(.*)$/\n\nPath: compile -> getAttachments -> _processDataUrl\n\nRegex: /(]* src\\s*=[\\s\"']*)(data:([^;]+);[^\"'>\\s]+)/\n\nPath: _convertDataImages\n\n### PoC\n\nhttps://gist.github.com/francoatmega/890dd5053375333e40c6fdbcc8c58df6\nhttps://gist.github.com/francoatmega/9aab042b0b24968d7b7039818e8b2698\n\n### Impact\n\nReDoS causes the event loop to stuck a specially crafted evil email can cause this problem.\n","url":"https://github.com/advisories/GHSA-9h6g-pr28-7cqp"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098392,"path":"puppeteer>ws","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"8.5.0","paths":["puppeteer>ws"]}],"metadata":null,"vulnerable_versions":">=8.0.0 <8.17.1","module_name":"ws","severity":"high","github_advisory_id":"GHSA-3h5v-q93c-6h6q","cves":["CVE-2024-37890"],"access":"public","patched_versions":">=8.17.1","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2024-08-05T05:02:34.000Z","recommendation":"Upgrade to version 8.17.1 or later","cwe":["CWE-476"],"found_by":null,"deleted":null,"id":1098392,"references":"- https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q\n- https://github.com/websockets/ws/issues/2230\n- https://github.com/websockets/ws/pull/2231\n- https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f\n- https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e\n- https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c\n- https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63\n- https://github.com/advisories/GHSA-3h5v-q93c-6h6q","created":"2024-06-17T19:09:10.000Z","reported_by":null,"title":"ws affected by a DoS when handling a request with many HTTP headers","npm_advisory_id":null,"overview":"### Impact\n\nA request with a number of headers exceeding 
the[`server.maxHeadersCount`][] threshold could be used to crash a ws server.\n\n### Proof of concept\n\n```js\nconst http = require('http');\nconst WebSocket = require('ws');\n\nconst wss = new WebSocket.Server({ port: 0 }, function () {\n const chars = \"!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~\".split('');\n const headers = {};\n let count = 0;\n\n for (let i = 0; i < chars.length; i++) {\n if (count === 2000) break;\n\n for (let j = 0; j < chars.length; j++) {\n const key = chars[i] + chars[j];\n headers[key] = 'x';\n\n if (++count === 2000) break;\n }\n }\n\n headers.Connection = 'Upgrade';\n headers.Upgrade = 'websocket';\n headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';\n headers['Sec-WebSocket-Version'] = '13';\n\n const request = http.request({\n headers: headers,\n host: '127.0.0.1',\n port: wss.address().port\n });\n\n request.end();\n});\n```\n\n### Patches\n\nThe vulnerability was fixed in ws@8.17.1 (https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c) and backported to ws@7.5.10 (https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f), ws@6.2.3 (https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63), and ws@5.2.4 (https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e)\n\n### Workarounds\n\nIn vulnerable versions of ws, the issue can be mitigated in the following ways:\n\n1. Reduce the maximum allowed length of the request headers using the [`--max-http-header-size=size`][] and/or the [`maxHeaderSize`][] options so that no more headers than the `server.maxHeadersCount` limit can be sent.\n2. 
Set `server.maxHeadersCount` to `0` so that no limit is applied.\n\n### Credits\n\nThe vulnerability was reported by [Ryan LaPointe](https://github.com/rrlapointe) in https://github.com/websockets/ws/issues/2230.\n\n### References\n\n- https://github.com/websockets/ws/issues/2230\n- https://github.com/websockets/ws/pull/2231\n\n[`--max-http-header-size=size`]: https://nodejs.org/api/cli.html#--max-http-header-sizesize\n[`maxHeaderSize`]: https://nodejs.org/api/http.html#httpcreateserveroptions-requestlistener\n[`server.maxHeadersCount`]: https://nodejs.org/api/http.html#servermaxheaderscount\n","url":"https://github.com/advisories/GHSA-3h5v-q93c-6h6q"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098583,"path":"newrelic>@newrelic/security-agent>axios","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.6.0","paths":["@axe-core/cli>chromedriver>axios"]},{"version":"1.6.0","paths":["newrelic>@newrelic/security-agent>axios"]},{"version":"1.6.1","paths":["smartsheet>axios"]}],"metadata":null,"vulnerable_versions":">=1.3.2 <=1.7.3","module_name":"axios","severity":"high","github_advisory_id":"GHSA-8hc4-vh64-cxmj","cves":["CVE-2024-39338"],"access":"public","patched_versions":">=1.7.4","cvss":{"score":0,"vectorString":null},"updated":"2024-08-13T19:53:25.000Z","recommendation":"Upgrade to version 1.7.4 or later","cwe":["CWE-918"],"found_by":null,"deleted":null,"id":1098583,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-39338\n- https://github.com/axios/axios/releases\n- https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html\n- https://github.com/axios/axios/issues/6463\n- https://github.com/axios/axios/pull/6539\n- https://github.com/axios/axios/pull/6543\n- https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a\n- https://github.com/axios/axios/releases/tag/v1.7.4\n- 
https://github.com/advisories/GHSA-8hc4-vh64-cxmj","created":"2024-08-12T15:30:49.000Z","reported_by":null,"title":"Server-Side Request Forgery in axios","npm_advisory_id":null,"overview":"axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.","url":"https://github.com/advisories/GHSA-8hc4-vh64-cxmj"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-406
7"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} {"type":"auditAdvisory","data":{"resolution":{"id":1098559,"path":"newrelic>@newrelic/security-agent>@aws-sdk/client-lambda>@aws-sdk/client-sts>fast-xml-parser","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.2.5","paths":["newrelic>@newrelic/security-agent>@aws-sdk/client-lambda>@aws-sdk/client-sts>fast-xml-parser"]}],"metadata":null,"vulnerable_versions":"<4.4.1","module_name":"fast-xml-parser","severity":"high","github_advisory_id":"GHSA-mpg4-rc92-vx8v","cves":["CVE-2024-41818"],"access":"public","patched_versions":">=4.4.1","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2024-08-08T05:10:58.000Z","recommendation":"Upgrade to version 4.4.1 or later","cwe":["CWE-400"],"found_by":null,"deleted":null,"id":1098559,"references":"- https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v\n- https://github.com/NaturalIntelligence/fast-xml-parser/commit/d0bfe8a3a2813a185f39591bbef222212d856164\n- https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10\n- https://nvd.nist.gov/vuln/detail/CVE-2024-41818\n- https://github.com/advisories/GHSA-mpg4-rc92-vx8v","created":"2024-07-29T17:46:16.000Z","reported_by":null,"title":"fast-xml-parser vulnerable to ReDOS at currency parsing","npm_advisory_id":null,"overview":"### Summary\nA ReDOS exists on currency.js was discovered by Gauss Security Labs R&D team.\n\n### Details\nhttps://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10\ncontains a vulnerable regex \n\n### PoC\npass the following string '\\t'.repeat(13337) + '.'\n\n### Impact\nDenial of service during currency parsing in experimental version 5 of 
fast-xml-parser-library\n\nhttps://gauss-security.com","url":"https://github.com/advisories/GHSA-mpg4-rc92-vx8v"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098583,"path":"smartsheet>axios","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.6.0","paths":["@axe-core/cli>chromedriver>axios"]},{"version":"1.6.0","paths":["newrelic>@newrelic/security-agent>axios"]},{"version":"1.6.1","paths":["smartsheet>axios"]}],"metadata":null,"vulnerable_versions":">=1.3.2 <=1.7.3","module_name":"axios","severity":"high","github_advisory_id":"GHSA-8hc4-vh64-cxmj","cves":["CVE-2024-39338"],"access":"public","patched_versions":">=1.7.4","cvss":{"score":0,"vectorString":null},"updated":"2024-08-13T19:53:25.000Z","recommendation":"Upgrade to version 1.7.4 or later","cwe":["CWE-918"],"found_by":null,"deleted":null,"id":1098583,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-39338\n- https://github.com/axios/axios/releases\n- https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html\n- https://github.com/axios/axios/issues/6463\n- https://github.com/axios/axios/pull/6539\n- https://github.com/axios/axios/pull/6543\n- https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a\n- https://github.com/axios/axios/releases/tag/v1.7.4\n- https://github.com/advisories/GHSA-8hc4-vh64-cxmj","created":"2024-08-12T15:30:49.000Z","reported_by":null,"title":"Server-Side Request Forgery in axios","npm_advisory_id":null,"overview":"axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.","url":"https://github.com/advisories/GHSA-8hc4-vh64-cxmj"}}} 
+{"type":"auditAdvisory","data":{"resolution":{"id":1098593,"path":"redoc-cli>node-libs-browser>crypto-browserify>browserify-sign>elliptic","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"6.5.4","paths":["redoc-cli>node-libs-browser>crypto-browserify>browserify-sign>elliptic"]}],"metadata":null,"vulnerable_versions":">=4.0.0 <=6.5.6","module_name":"elliptic","severity":"low","github_advisory_id":"GHSA-f7q4-pwc6-w24p","cves":["CVE-2024-42459"],"access":"public","patched_versions":">=6.5.7","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},"updated":"2024-08-15T17:53:40.000Z","recommendation":"Upgrade to version 6.5.7 or later","cwe":["CWE-347"],"found_by":null,"deleted":null,"id":1098593,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-42459\n- https://github.com/indutny/elliptic/pull/317\n- https://github.com/indutny/elliptic/commit/c0690b36be043ee73c1780ae4b7df48632b11cf9\n- https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11\n- https://github.com/advisories/GHSA-f7q4-pwc6-w24p","created":"2024-08-02T09:31:35.000Z","reported_by":null,"title":"Elliptic's EDDSA missing signature length check","npm_advisory_id":null,"overview":"In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.","url":"https://github.com/advisories/GHSA-f7q4-pwc6-w24p"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098594,"path":"redoc-cli>node-libs-browser>crypto-browserify>browserify-sign>elliptic","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"6.5.4","paths":["redoc-cli>node-libs-browser>crypto-browserify>browserify-sign>elliptic"]}],"metadata":null,"vulnerable_versions":">=2.0.0 
<=6.5.6","module_name":"elliptic","severity":"low","github_advisory_id":"GHSA-977x-g7h5-7qgw","cves":["CVE-2024-42460"],"access":"public","patched_versions":">=6.5.7","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},"updated":"2024-08-15T17:53:06.000Z","recommendation":"Upgrade to version 6.5.7 or later","cwe":["CWE-130"],"found_by":null,"deleted":null,"id":1098594,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-42460\n- https://github.com/indutny/elliptic/pull/317\n- https://github.com/indutny/elliptic/commit/b6ff1758d9a6d1a7aec177ff6df9f586492a6315\n- https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11\n- https://github.com/advisories/GHSA-977x-g7h5-7qgw","created":"2024-08-02T09:31:35.000Z","reported_by":null,"title":"Elliptic's ECDSA missing check for whether leading bit of r and s is zero","npm_advisory_id":null,"overview":"In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.","url":"https://github.com/advisories/GHSA-977x-g7h5-7qgw"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098595,"path":"redoc-cli>node-libs-browser>crypto-browserify>browserify-sign>elliptic","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"6.5.4","paths":["redoc-cli>node-libs-browser>crypto-browserify>browserify-sign>elliptic"]}],"metadata":null,"vulnerable_versions":">=5.2.1 <=6.5.6","module_name":"elliptic","severity":"low","github_advisory_id":"GHSA-49q7-c7j4-3p7m","cves":["CVE-2024-42461"],"access":"public","patched_versions":">=6.5.7","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},"updated":"2024-08-15T17:52:30.000Z","recommendation":"Upgrade to version 6.5.7 or later","cwe":["CWE-347"],"found_by":null,"deleted":null,"id":1098595,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-42461\n- 
https://github.com/indutny/elliptic/pull/317\n- https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11\n- https://github.com/advisories/GHSA-49q7-c7j4-3p7m","created":"2024-08-02T09:31:35.000Z","reported_by":null,"title":"Elliptic allows BER-encoded signatures","npm_advisory_id":null,"overview":"In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.","url":"https://github.com/advisories/GHSA-49q7-c7j4-3p7m"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"jest-cli>jest-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cve
s":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"@types/jest>expect>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- 
https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or 
later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or 
later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or 
later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or 
later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or 
later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or 
later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 
4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1094902,"path":"@axe-core/cli>chromedriver","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"109.0.0","paths":["@axe-core/cli>chromedriver"]}],"metadata":null,"vulnerable_versions":"<119.0.1","module_name":"chromedriver","severity":"moderate","github_advisory_id":"GHSA-hm92-vgmw-qfmx","cves":["CVE-2023-26156"],"access":"public","patched_versions":">=119.0.1","cvss":{"score":5.6,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},"updated":"2023-11-17T22:12:01.000Z","recommendation":"Upgrade to version 119.0.1 or later","cwe":["CWE-78"],"found_by":null,"deleted":null,"id":1094902,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26156\n- https://github.com/giggio/node-chromedriver/commit/de961e34e023afcf4fa5c0faeeec69aaa6c3c815\n- https://gist.github.com/mcoimbra/47b1da554a80795c45126d51e41b2b18\n- https://security.snyk.io/vuln/SNYK-JS-CHROMEDRIVER-6049539\n- https://github.com/advisories/GHSA-hm92-vgmw-qfmx","created":"2023-11-09T06:30:28.000Z","reported_by":null,"title":"chromedriver Command Injection vulnerability","npm_advisory_id":null,"overview":"Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system.\n\n**Note:**\n\nAn attacker must have access to the system running the vulnerable chromedriver library to exploit it. The success of exploitation also depends on the permissions and privileges of the process running chromedriver. 
","url":"https://github.com/advisories/GHSA-hm92-vgmw-qfmx"}}} {"type":"auditAdvisory","data":{"resolution":{"id":1096410,"path":"xml2json>hoek","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.2.1","paths":["xml2json>hoek"]},{"version":"5.0.4","paths":["xml2json>joi>hoek"]},{"version":"6.1.3","paths":["xml2json>joi>topo>hoek"]}],"metadata":null,"vulnerable_versions":"<=6.1.3","module_name":"hoek","severity":"high","github_advisory_id":"GHSA-c429-5p7v-vgjp","cves":["CVE-2020-36604"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":8.1,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},"updated":"2024-02-07T18:59:37.000Z","recommendation":"None","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1096410,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2020-36604\n- https://github.com/hapijs/hoek/issues/352\n- https://github.com/hapijs/hoek/commit/4d0804bc6135ad72afdc5e1ec002b935b2f5216a\n- https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90\n- https://github.com/advisories/GHSA-c429-5p7v-vgjp","created":"2022-09-25T00:00:27.000Z","reported_by":null,"title":"hoek subject to prototype pollution via the clone function.","npm_advisory_id":null,"overview":"hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the __proto__ key is passed to clone() the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1. 
","url":"https://github.com/advisories/GHSA-c429-5p7v-vgjp"}}} {"type":"auditAdvisory","data":{"resolution":{"id":1096410,"path":"xml2json>joi>hoek","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.2.1","paths":["xml2json>hoek"]},{"version":"5.0.4","paths":["xml2json>joi>hoek"]},{"version":"6.1.3","paths":["xml2json>joi>topo>hoek"]}],"metadata":null,"vulnerable_versions":"<=6.1.3","module_name":"hoek","severity":"high","github_advisory_id":"GHSA-c429-5p7v-vgjp","cves":["CVE-2020-36604"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":8.1,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},"updated":"2024-02-07T18:59:37.000Z","recommendation":"None","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1096410,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2020-36604\n- https://github.com/hapijs/hoek/issues/352\n- https://github.com/hapijs/hoek/commit/4d0804bc6135ad72afdc5e1ec002b935b2f5216a\n- https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90\n- https://github.com/advisories/GHSA-c429-5p7v-vgjp","created":"2022-09-25T00:00:27.000Z","reported_by":null,"title":"hoek subject to prototype pollution via the clone function.","npm_advisory_id":null,"overview":"hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the __proto__ key is passed to clone() the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1. 
","url":"https://github.com/advisories/GHSA-c429-5p7v-vgjp"}}} {"type":"auditAdvisory","data":{"resolution":{"id":1096410,"path":"xml2json>joi>topo>hoek","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.2.1","paths":["xml2json>hoek"]},{"version":"5.0.4","paths":["xml2json>joi>hoek"]},{"version":"6.1.3","paths":["xml2json>joi>topo>hoek"]}],"metadata":null,"vulnerable_versions":"<=6.1.3","module_name":"hoek","severity":"high","github_advisory_id":"GHSA-c429-5p7v-vgjp","cves":["CVE-2020-36604"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":8.1,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},"updated":"2024-02-07T18:59:37.000Z","recommendation":"None","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1096410,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2020-36604\n- https://github.com/hapijs/hoek/issues/352\n- https://github.com/hapijs/hoek/commit/4d0804bc6135ad72afdc5e1ec002b935b2f5216a\n- https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90\n- https://github.com/advisories/GHSA-c429-5p7v-vgjp","created":"2022-09-25T00:00:27.000Z","reported_by":null,"title":"hoek subject to prototype pollution via the clone function.","npm_advisory_id":null,"overview":"hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the __proto__ key is passed to clone() the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1. 
","url":"https://github.com/advisories/GHSA-c429-5p7v-vgjp"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098582,"path":"newrelic>@newrelic/security-agent>axios","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"1.6.0","paths":["newrelic>@newrelic/security-agent>axios"]},{"version":"1.6.1","paths":["smartsheet>axios"]}],"metadata":null,"vulnerable_versions":">=1.3.2 <=1.7.3","module_name":"axios","severity":"high","github_advisory_id":"GHSA-8hc4-vh64-cxmj","cves":["CVE-2024-39338"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-12T17:26:46.000Z","recommendation":"None","cwe":["CWE-918"],"found_by":null,"deleted":null,"id":1098582,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-39338\n- https://github.com/axios/axios/releases\n- https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html\n- https://github.com/axios/axios/issues/6463\n- https://github.com/axios/axios/pull/6539\n- https://github.com/advisories/GHSA-8hc4-vh64-cxmj","created":"2024-08-12T15:30:49.000Z","reported_by":null,"title":"Server-Side Request Forgery in axios","npm_advisory_id":null,"overview":"axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.","url":"https://github.com/advisories/GHSA-8hc4-vh64-cxmj"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098582,"path":"smartsheet>axios","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"1.6.0","paths":["newrelic>@newrelic/security-agent>axios"]},{"version":"1.6.1","paths":["smartsheet>axios"]}],"metadata":null,"vulnerable_versions":">=1.3.2 
<=1.7.3","module_name":"axios","severity":"high","github_advisory_id":"GHSA-8hc4-vh64-cxmj","cves":["CVE-2024-39338"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-12T17:26:46.000Z","recommendation":"None","cwe":["CWE-918"],"found_by":null,"deleted":null,"id":1098582,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-39338\n- https://github.com/axios/axios/releases\n- https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html\n- https://github.com/axios/axios/issues/6463\n- https://github.com/axios/axios/pull/6539\n- https://github.com/advisories/GHSA-8hc4-vh64-cxmj","created":"2024-08-12T15:30:49.000Z","reported_by":null,"title":"Server-Side Request Forgery in axios","npm_advisory_id":null,"overview":"axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.","url":"https://github.com/advisories/GHSA-8hc4-vh64-cxmj"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098583,"path":"@axe-core/cli>chromedriver>axios","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.6.0","paths":["@axe-core/cli>chromedriver>axios"]},{"version":"1.6.0","paths":["newrelic>@newrelic/security-agent>axios"]},{"version":"1.6.1","paths":["smartsheet>axios"]}],"metadata":null,"vulnerable_versions":">=1.3.2 <=1.7.3","module_name":"axios","severity":"high","github_advisory_id":"GHSA-8hc4-vh64-cxmj","cves":["CVE-2024-39338"],"access":"public","patched_versions":">=1.7.4","cvss":{"score":0,"vectorString":null},"updated":"2024-08-13T19:53:25.000Z","recommendation":"Upgrade to version 1.7.4 or later","cwe":["CWE-918"],"found_by":null,"deleted":null,"id":1098583,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-39338\n- https://github.com/axios/axios/releases\n- https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html\n- https://github.com/axios/axios/issues/6463\n- https://github.com/axios/axios/pull/6539\n- 
https://github.com/axios/axios/pull/6543\n- https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a\n- https://github.com/axios/axios/releases/tag/v1.7.4\n- https://github.com/advisories/GHSA-8hc4-vh64-cxmj","created":"2024-08-12T15:30:49.000Z","reported_by":null,"title":"Server-Side Request Forgery in axios","npm_advisory_id":null,"overview":"axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.","url":"https://github.com/advisories/GHSA-8hc4-vh64-cxmj"}}} From 640e1153352850db5c99be64cc98ce67ce56db5d Mon Sep 17 00:00:00 2001 From: GarrettEHill Date: Mon, 26 Aug 2024 14:11:43 -0700 Subject: [PATCH 5/9] Update yarn-audit-known-issues --- yarn-audit-known-issues | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues index f338b97612..eb1440461c 100644 --- a/yarn-audit-known-issues +++ b/yarn-audit-known-issues 
@@ -1,23 +1,7 @@ {"type":"auditAdvisory","data":{"resolution":{"id":1096366,"path":"email-templates>preview-email>mailparser>nodemailer","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"6.7.3","paths":["email-templates>preview-email>mailparser>nodemailer"]}],"metadata":null,"vulnerable_versions":"<=6.9.8","module_name":"nodemailer","severity":"moderate","github_advisory_id":"GHSA-9h6g-pr28-7cqp","cves":[],"access":"public","patched_versions":">=6.9.9","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-02-01T17:58:50.000Z","recommendation":"Upgrade to version 6.9.9 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1096366,"references":"- https://github.com/nodemailer/nodemailer/security/advisories/GHSA-9h6g-pr28-7cqp\n- https://gist.github.com/francoatmega/890dd5053375333e40c6fdbcc8c58df6\n- https://gist.github.com/francoatmega/9aab042b0b24968d7b7039818e8b2698\n- https://github.com/nodemailer/nodemailer/commit/dd8f5e8a4ddc99992e31df76bcff9c590035cd4a\n- https://github.com/advisories/GHSA-9h6g-pr28-7cqp","created":"2024-01-31T22:42:54.000Z","reported_by":null,"title":"nodemailer ReDoS when trying to send a specially crafted email","npm_advisory_id":null,"overview":"### Summary\nA ReDoS vulnerability occurs when nodemailer tries to parse img files with the parameter `attachDataUrls` set, causing the stuck of event loop. \nAnother flaw was found when nodemailer tries to parse an attachments with a embedded file, causing the stuck of event loop. 
\n\n### Details\n\nRegex: /^data:((?:[^;]*;)*(?:[^,]*)),(.*)$/\n\nPath: compile -> getAttachments -> _processDataUrl\n\nRegex: /(]* src\\s*=[\\s\"']*)(data:([^;]+);[^\"'>\\s]+)/\n\nPath: _convertDataImages\n\n### PoC\n\nhttps://gist.github.com/francoatmega/890dd5053375333e40c6fdbcc8c58df6\nhttps://gist.github.com/francoatmega/9aab042b0b24968d7b7039818e8b2698\n\n### Impact\n\nReDoS causes the event loop to stuck a specially crafted evil email can cause this problem.\n","url":"https://github.com/advisories/GHSA-9h6g-pr28-7cqp"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098392,"path":"puppeteer>ws","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"8.5.0","paths":["puppeteer>ws"]}],"metadata":null,"vulnerable_versions":">=8.0.0 <8.17.1","module_name":"ws","severity":"high","github_advisory_id":"GHSA-3h5v-q93c-6h6q","cves":["CVE-2024-37890"],"access":"public","patched_versions":">=8.17.1","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2024-08-05T05:02:34.000Z","recommendation":"Upgrade to version 8.17.1 or later","cwe":["CWE-476"],"found_by":null,"deleted":null,"id":1098392,"references":"- https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q\n- https://github.com/websockets/ws/issues/2230\n- https://github.com/websockets/ws/pull/2231\n- https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f\n- https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e\n- https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c\n- https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63\n- https://github.com/advisories/GHSA-3h5v-q93c-6h6q","created":"2024-06-17T19:09:10.000Z","reported_by":null,"title":"ws affected by a DoS when handling a request with many HTTP headers","npm_advisory_id":null,"overview":"### Impact\n\nA request with a number of headers exceeding 
the[`server.maxHeadersCount`][] threshold could be used to crash a ws server.\n\n### Proof of concept\n\n```js\nconst http = require('http');\nconst WebSocket = require('ws');\n\nconst wss = new WebSocket.Server({ port: 0 }, function () {\n const chars = \"!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~\".split('');\n const headers = {};\n let count = 0;\n\n for (let i = 0; i < chars.length; i++) {\n if (count === 2000) break;\n\n for (let j = 0; j < chars.length; j++) {\n const key = chars[i] + chars[j];\n headers[key] = 'x';\n\n if (++count === 2000) break;\n }\n }\n\n headers.Connection = 'Upgrade';\n headers.Upgrade = 'websocket';\n headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';\n headers['Sec-WebSocket-Version'] = '13';\n\n const request = http.request({\n headers: headers,\n host: '127.0.0.1',\n port: wss.address().port\n });\n\n request.end();\n});\n```\n\n### Patches\n\nThe vulnerability was fixed in ws@8.17.1 (https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c) and backported to ws@7.5.10 (https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f), ws@6.2.3 (https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63), and ws@5.2.4 (https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e)\n\n### Workarounds\n\nIn vulnerable versions of ws, the issue can be mitigated in the following ways:\n\n1. Reduce the maximum allowed length of the request headers using the [`--max-http-header-size=size`][] and/or the [`maxHeaderSize`][] options so that no more headers than the `server.maxHeadersCount` limit can be sent.\n2. 
Set `server.maxHeadersCount` to `0` so that no limit is applied.\n\n### Credits\n\nThe vulnerability was reported by [Ryan LaPointe](https://github.com/rrlapointe) in https://github.com/websockets/ws/issues/2230.\n\n### References\n\n- https://github.com/websockets/ws/issues/2230\n- https://github.com/websockets/ws/pull/2231\n\n[`--max-http-header-size=size`]: https://nodejs.org/api/cli.html#--max-http-header-sizesize\n[`maxHeaderSize`]: https://nodejs.org/api/http.html#httpcreateserveroptions-requestlistener\n[`server.maxHeadersCount`]: https://nodejs.org/api/http.html#servermaxheaderscount\n","url":"https://github.com/advisories/GHSA-3h5v-q93c-6h6q"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098583,"path":"newrelic>@newrelic/security-agent>axios","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.6.0","paths":["@axe-core/cli>chromedriver>axios"]},{"version":"1.6.0","paths":["newrelic>@newrelic/security-agent>axios"]},{"version":"1.6.1","paths":["smartsheet>axios"]}],"metadata":null,"vulnerable_versions":">=1.3.2 <=1.7.3","module_name":"axios","severity":"high","github_advisory_id":"GHSA-8hc4-vh64-cxmj","cves":["CVE-2024-39338"],"access":"public","patched_versions":">=1.7.4","cvss":{"score":0,"vectorString":null},"updated":"2024-08-13T19:53:25.000Z","recommendation":"Upgrade to version 1.7.4 or later","cwe":["CWE-918"],"found_by":null,"deleted":null,"id":1098583,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-39338\n- https://github.com/axios/axios/releases\n- https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html\n- https://github.com/axios/axios/issues/6463\n- https://github.com/axios/axios/pull/6539\n- https://github.com/axios/axios/pull/6543\n- https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a\n- https://github.com/axios/axios/releases/tag/v1.7.4\n- 
https://github.com/advisories/GHSA-8hc4-vh64-cxmj","created":"2024-08-12T15:30:49.000Z","reported_by":null,"title":"Server-Side Request Forgery in axios","npm_advisory_id":null,"overview":"axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.","url":"https://github.com/advisories/GHSA-8hc4-vh64-cxmj"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-406
7"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098583,"path":"newrelic>@newrelic/security-agent>axios","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.6.0","paths":["newrelic>@newrelic/security-agent>axios"]},{"version":"1.6.1","paths":["smartsheet>axios"]}],"metadata":null,"vulnerable_versions":">=1.3.2 <=1.7.3","module_name":"axios","severity":"high","github_advisory_id":"GHSA-8hc4-vh64-cxmj","cves":["CVE-2024-39338"],"access":"public","patched_versions":">=1.7.4","cvss":{"score":0,"vectorString":null},"updated":"2024-08-13T19:53:25.000Z","recommendation":"Upgrade to version 1.7.4 or later","cwe":["CWE-918"],"found_by":null,"deleted":null,"id":1098583,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-39338\n- https://github.com/axios/axios/releases\n- https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html\n- https://github.com/axios/axios/issues/6463\n- https://github.com/axios/axios/pull/6539\n- https://github.com/axios/axios/pull/6543\n- https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a\n- https://github.com/axios/axios/releases/tag/v1.7.4\n- https://github.com/advisories/GHSA-8hc4-vh64-cxmj","created":"2024-08-12T15:30:49.000Z","reported_by":null,"title":"Server-Side Request Forgery in axios","npm_advisory_id":null,"overview":"axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.","url":"https://github.com/advisories/GHSA-8hc4-vh64-cxmj"}}} 
{"type":"auditAdvisory","data":{"resolution":{"id":1098559,"path":"newrelic>@newrelic/security-agent>@aws-sdk/client-lambda>@aws-sdk/client-sts>fast-xml-parser","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.2.5","paths":["newrelic>@newrelic/security-agent>@aws-sdk/client-lambda>@aws-sdk/client-sts>fast-xml-parser"]}],"metadata":null,"vulnerable_versions":"<4.4.1","module_name":"fast-xml-parser","severity":"high","github_advisory_id":"GHSA-mpg4-rc92-vx8v","cves":["CVE-2024-41818"],"access":"public","patched_versions":">=4.4.1","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2024-08-08T05:10:58.000Z","recommendation":"Upgrade to version 4.4.1 or later","cwe":["CWE-400"],"found_by":null,"deleted":null,"id":1098559,"references":"- https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v\n- https://github.com/NaturalIntelligence/fast-xml-parser/commit/d0bfe8a3a2813a185f39591bbef222212d856164\n- https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10\n- https://nvd.nist.gov/vuln/detail/CVE-2024-41818\n- https://github.com/advisories/GHSA-mpg4-rc92-vx8v","created":"2024-07-29T17:46:16.000Z","reported_by":null,"title":"fast-xml-parser vulnerable to ReDOS at currency parsing","npm_advisory_id":null,"overview":"### Summary\nA ReDOS exists on currency.js was discovered by Gauss Security Labs R&D team.\n\n### Details\nhttps://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10\ncontains a vulnerable regex \n\n### PoC\npass the following string '\\t'.repeat(13337) + '.'\n\n### Impact\nDenial of service during currency parsing in experimental version 5 of fast-xml-parser-library\n\nhttps://gauss-security.com","url":"https://github.com/advisories/GHSA-mpg4-rc92-vx8v"}}} 
-{"type":"auditAdvisory","data":{"resolution":{"id":1098583,"path":"smartsheet>axios","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.6.0","paths":["@axe-core/cli>chromedriver>axios"]},{"version":"1.6.0","paths":["newrelic>@newrelic/security-agent>axios"]},{"version":"1.6.1","paths":["smartsheet>axios"]}],"metadata":null,"vulnerable_versions":">=1.3.2 <=1.7.3","module_name":"axios","severity":"high","github_advisory_id":"GHSA-8hc4-vh64-cxmj","cves":["CVE-2024-39338"],"access":"public","patched_versions":">=1.7.4","cvss":{"score":0,"vectorString":null},"updated":"2024-08-13T19:53:25.000Z","recommendation":"Upgrade to version 1.7.4 or later","cwe":["CWE-918"],"found_by":null,"deleted":null,"id":1098583,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-39338\n- https://github.com/axios/axios/releases\n- https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html\n- https://github.com/axios/axios/issues/6463\n- https://github.com/axios/axios/pull/6539\n- https://github.com/axios/axios/pull/6543\n- https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a\n- https://github.com/axios/axios/releases/tag/v1.7.4\n- https://github.com/advisories/GHSA-8hc4-vh64-cxmj","created":"2024-08-12T15:30:49.000Z","reported_by":null,"title":"Server-Side Request Forgery in axios","npm_advisory_id":null,"overview":"axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.","url":"https://github.com/advisories/GHSA-8hc4-vh64-cxmj"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098593,"path":"redoc-cli>node-libs-browser>crypto-browserify>browserify-sign>elliptic","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"6.5.4","paths":["redoc-cli>node-libs-browser>crypto-browserify>browserify-sign>elliptic"]}],"metadata":null,"vulnerable_versions":">=4.0.0 
<=6.5.6","module_name":"elliptic","severity":"low","github_advisory_id":"GHSA-f7q4-pwc6-w24p","cves":["CVE-2024-42459"],"access":"public","patched_versions":">=6.5.7","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},"updated":"2024-08-15T17:53:40.000Z","recommendation":"Upgrade to version 6.5.7 or later","cwe":["CWE-347"],"found_by":null,"deleted":null,"id":1098593,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-42459\n- https://github.com/indutny/elliptic/pull/317\n- https://github.com/indutny/elliptic/commit/c0690b36be043ee73c1780ae4b7df48632b11cf9\n- https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11\n- https://github.com/advisories/GHSA-f7q4-pwc6-w24p","created":"2024-08-02T09:31:35.000Z","reported_by":null,"title":"Elliptic's EDDSA missing signature length check","npm_advisory_id":null,"overview":"In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.","url":"https://github.com/advisories/GHSA-f7q4-pwc6-w24p"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098594,"path":"redoc-cli>node-libs-browser>crypto-browserify>browserify-sign>elliptic","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"6.5.4","paths":["redoc-cli>node-libs-browser>crypto-browserify>browserify-sign>elliptic"]}],"metadata":null,"vulnerable_versions":">=2.0.0 <=6.5.6","module_name":"elliptic","severity":"low","github_advisory_id":"GHSA-977x-g7h5-7qgw","cves":["CVE-2024-42460"],"access":"public","patched_versions":">=6.5.7","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},"updated":"2024-08-15T17:53:06.000Z","recommendation":"Upgrade to version 6.5.7 or later","cwe":["CWE-130"],"found_by":null,"deleted":null,"id":1098594,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-42460\n- 
https://github.com/indutny/elliptic/pull/317\n- https://github.com/indutny/elliptic/commit/b6ff1758d9a6d1a7aec177ff6df9f586492a6315\n- https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11\n- https://github.com/advisories/GHSA-977x-g7h5-7qgw","created":"2024-08-02T09:31:35.000Z","reported_by":null,"title":"Elliptic's ECDSA missing check for whether leading bit of r and s is zero","npm_advisory_id":null,"overview":"In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.","url":"https://github.com/advisories/GHSA-977x-g7h5-7qgw"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098595,"path":"redoc-cli>node-libs-browser>crypto-browserify>browserify-sign>elliptic","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"6.5.4","paths":["redoc-cli>node-libs-browser>crypto-browserify>browserify-sign>elliptic"]}],"metadata":null,"vulnerable_versions":">=5.2.1 <=6.5.6","module_name":"elliptic","severity":"low","github_advisory_id":"GHSA-49q7-c7j4-3p7m","cves":["CVE-2024-42461"],"access":"public","patched_versions":">=6.5.7","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},"updated":"2024-08-15T17:52:30.000Z","recommendation":"Upgrade to version 6.5.7 or later","cwe":["CWE-347"],"found_by":null,"deleted":null,"id":1098595,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-42461\n- https://github.com/indutny/elliptic/pull/317\n- https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11\n- https://github.com/advisories/GHSA-49q7-c7j4-3p7m","created":"2024-08-02T09:31:35.000Z","reported_by":null,"title":"Elliptic allows BER-encoded signatures","npm_advisory_id":null,"overview":"In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are 
allowed.","url":"https://github.com/advisories/GHSA-49q7-c7j4-3p7m"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"jest-cli>jest-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- 
https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} 
-{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"@types/jest>expect>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- 
https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} 
-{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- 
https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} 
-{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- 
https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or 
later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or 
later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or 
later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or 
later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.7","paths":["jest-cli>jest-util>micromatch","@types/jest>expect>jest-message-util>micromatch","@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","jest-cli>jest-config>@jest/test-sequencer>jest-runner>jest-runtime>jest-config>babel-jest>@jest/transform>jest-haste-map>sane>anymatch>micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 
4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1094902,"path":"@axe-core/cli>chromedriver","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"109.0.0","paths":["@axe-core/cli>chromedriver"]}],"metadata":null,"vulnerable_versions":"<119.0.1","module_name":"chromedriver","severity":"moderate","github_advisory_id":"GHSA-hm92-vgmw-qfmx","cves":["CVE-2023-26156"],"access":"public","patched_versions":">=119.0.1","cvss":{"score":5.6,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},"updated":"2023-11-17T22:12:01.000Z","recommendation":"Upgrade to version 119.0.1 or later","cwe":["CWE-78"],"found_by":null,"deleted":null,"id":1094902,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26156\n- https://github.com/giggio/node-chromedriver/commit/de961e34e023afcf4fa5c0faeeec69aaa6c3c815\n- https://gist.github.com/mcoimbra/47b1da554a80795c45126d51e41b2b18\n- https://security.snyk.io/vuln/SNYK-JS-CHROMEDRIVER-6049539\n- https://github.com/advisories/GHSA-hm92-vgmw-qfmx","created":"2023-11-09T06:30:28.000Z","reported_by":null,"title":"chromedriver Command Injection vulnerability","npm_advisory_id":null,"overview":"Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system.\n\n**Note:**\n\nAn attacker must have access to the system running the vulnerable chromedriver library to exploit it. The success of exploitation also depends on the permissions and privileges of the process running chromedriver. 
","url":"https://github.com/advisories/GHSA-hm92-vgmw-qfmx"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098583,"path":"smartsheet>axios","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.6.0","paths":["newrelic>@newrelic/security-agent>axios"]},{"version":"1.6.1","paths":["smartsheet>axios"]}],"metadata":null,"vulnerable_versions":">=1.3.2 <=1.7.3","module_name":"axios","severity":"high","github_advisory_id":"GHSA-8hc4-vh64-cxmj","cves":["CVE-2024-39338"],"access":"public","patched_versions":">=1.7.4","cvss":{"score":0,"vectorString":null},"updated":"2024-08-13T19:53:25.000Z","recommendation":"Upgrade to version 1.7.4 or later","cwe":["CWE-918"],"found_by":null,"deleted":null,"id":1098583,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-39338\n- https://github.com/axios/axios/releases\n- https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html\n- https://github.com/axios/axios/issues/6463\n- https://github.com/axios/axios/pull/6539\n- https://github.com/axios/axios/pull/6543\n- https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a\n- https://github.com/axios/axios/releases/tag/v1.7.4\n- https://github.com/advisories/GHSA-8hc4-vh64-cxmj","created":"2024-08-12T15:30:49.000Z","reported_by":null,"title":"Server-Side Request Forgery in axios","npm_advisory_id":null,"overview":"axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.","url":"https://github.com/advisories/GHSA-8hc4-vh64-cxmj"}}} 
{"type":"auditAdvisory","data":{"resolution":{"id":1096410,"path":"xml2json>hoek","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.2.1","paths":["xml2json>hoek"]},{"version":"5.0.4","paths":["xml2json>joi>hoek"]},{"version":"6.1.3","paths":["xml2json>joi>topo>hoek"]}],"metadata":null,"vulnerable_versions":"<=6.1.3","module_name":"hoek","severity":"high","github_advisory_id":"GHSA-c429-5p7v-vgjp","cves":["CVE-2020-36604"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":8.1,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},"updated":"2024-02-07T18:59:37.000Z","recommendation":"None","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1096410,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2020-36604\n- https://github.com/hapijs/hoek/issues/352\n- https://github.com/hapijs/hoek/commit/4d0804bc6135ad72afdc5e1ec002b935b2f5216a\n- https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90\n- https://github.com/advisories/GHSA-c429-5p7v-vgjp","created":"2022-09-25T00:00:27.000Z","reported_by":null,"title":"hoek subject to prototype pollution via the clone function.","npm_advisory_id":null,"overview":"hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the __proto__ key is passed to clone() the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1. 
","url":"https://github.com/advisories/GHSA-c429-5p7v-vgjp"}}} {"type":"auditAdvisory","data":{"resolution":{"id":1096410,"path":"xml2json>joi>hoek","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.2.1","paths":["xml2json>hoek"]},{"version":"5.0.4","paths":["xml2json>joi>hoek"]},{"version":"6.1.3","paths":["xml2json>joi>topo>hoek"]}],"metadata":null,"vulnerable_versions":"<=6.1.3","module_name":"hoek","severity":"high","github_advisory_id":"GHSA-c429-5p7v-vgjp","cves":["CVE-2020-36604"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":8.1,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},"updated":"2024-02-07T18:59:37.000Z","recommendation":"None","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1096410,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2020-36604\n- https://github.com/hapijs/hoek/issues/352\n- https://github.com/hapijs/hoek/commit/4d0804bc6135ad72afdc5e1ec002b935b2f5216a\n- https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90\n- https://github.com/advisories/GHSA-c429-5p7v-vgjp","created":"2022-09-25T00:00:27.000Z","reported_by":null,"title":"hoek subject to prototype pollution via the clone function.","npm_advisory_id":null,"overview":"hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the __proto__ key is passed to clone() the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1. 
","url":"https://github.com/advisories/GHSA-c429-5p7v-vgjp"}}} {"type":"auditAdvisory","data":{"resolution":{"id":1096410,"path":"xml2json>joi>topo>hoek","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.2.1","paths":["xml2json>hoek"]},{"version":"5.0.4","paths":["xml2json>joi>hoek"]},{"version":"6.1.3","paths":["xml2json>joi>topo>hoek"]}],"metadata":null,"vulnerable_versions":"<=6.1.3","module_name":"hoek","severity":"high","github_advisory_id":"GHSA-c429-5p7v-vgjp","cves":["CVE-2020-36604"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":8.1,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},"updated":"2024-02-07T18:59:37.000Z","recommendation":"None","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1096410,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2020-36604\n- https://github.com/hapijs/hoek/issues/352\n- https://github.com/hapijs/hoek/commit/4d0804bc6135ad72afdc5e1ec002b935b2f5216a\n- https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90\n- https://github.com/advisories/GHSA-c429-5p7v-vgjp","created":"2022-09-25T00:00:27.000Z","reported_by":null,"title":"hoek subject to prototype pollution via the clone function.","npm_advisory_id":null,"overview":"hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the __proto__ key is passed to clone() the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1. 
","url":"https://github.com/advisories/GHSA-c429-5p7v-vgjp"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098583,"path":"@axe-core/cli>chromedriver>axios","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.6.0","paths":["@axe-core/cli>chromedriver>axios"]},{"version":"1.6.0","paths":["newrelic>@newrelic/security-agent>axios"]},{"version":"1.6.1","paths":["smartsheet>axios"]}],"metadata":null,"vulnerable_versions":">=1.3.2 <=1.7.3","module_name":"axios","severity":"high","github_advisory_id":"GHSA-8hc4-vh64-cxmj","cves":["CVE-2024-39338"],"access":"public","patched_versions":">=1.7.4","cvss":{"score":0,"vectorString":null},"updated":"2024-08-13T19:53:25.000Z","recommendation":"Upgrade to version 1.7.4 or later","cwe":["CWE-918"],"found_by":null,"deleted":null,"id":1098583,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-39338\n- https://github.com/axios/axios/releases\n- https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html\n- https://github.com/axios/axios/issues/6463\n- https://github.com/axios/axios/pull/6539\n- https://github.com/axios/axios/pull/6543\n- https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a\n- https://github.com/axios/axios/releases/tag/v1.7.4\n- https://github.com/advisories/GHSA-8hc4-vh64-cxmj","created":"2024-08-12T15:30:49.000Z","reported_by":null,"title":"Server-Side Request Forgery in axios","npm_advisory_id":null,"overview":"axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.","url":"https://github.com/advisories/GHSA-8hc4-vh64-cxmj"}}} From 1891459073e35b957c5b8321bebeff3b3dc83fe6 Mon Sep 17 00:00:00 2001 From: GarrettEHill Date: Mon, 26 Aug 2024 14:19:21 -0700 Subject: [PATCH 6/9] Update yarn-audit-known-issues --- frontend/yarn-audit-known-issues | 80 ++++++++++++++++---------------- 1 file changed, 40 insertions(+), 40 deletions(-) 
diff --git a/frontend/yarn-audit-known-issues b/frontend/yarn-audit-known-issues
index b36de4ba33..0084f6081a 100644
--- a/frontend/yarn-audit-known-issues
+++ b/frontend/yarn-audit-known-issues
@@ -1,43 +1,43 @@ {"type":"auditAdvisory","data":{"resolution":{"id":1097682,"path":"react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.0","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-environment-jsdom>jsdom>tough-cookie"]}],"metadata":null,"vulnerable_versions":"<4.1.3","module_name":"tough-cookie","severity":"moderate","github_advisory_id":"GHSA-72xf-g2v4-qvf3","cves":["CVE-2023-26136"],"access":"public","patched_versions":">=4.1.3","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},"updated":"2024-06-21T21:33:53.000Z","recommendation":"Upgrade to version 4.1.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1097682,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26136\n- https://github.com/salesforce/tough-cookie/issues/282\n- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e\n- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3\n- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873\n- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ\n- https://security.netapp.com/advisory/ntap-20240621-0006\n- https://github.com/advisories/GHSA-72xf-g2v4-qvf3","created":"2023-07-01T06:30:16.000Z","reported_by":null,"title":"tough-cookie Prototype Pollution vulnerability","npm_advisory_id":null,"overview":"Versions of the package tough-cookie before 4.1.3 are 
vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. This issue arises from the manner in which the objects are initialized.","url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3"}}} {"type":"auditAdvisory","data":{"resolution":{"id":1097682,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.0","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-environment-jsdom>jsdom>tough-cookie"]}],"metadata":null,"vulnerable_versions":"<4.1.3","module_name":"tough-cookie","severity":"moderate","github_advisory_id":"GHSA-72xf-g2v4-qvf3","cves":["CVE-2023-26136"],"access":"public","patched_versions":">=4.1.3","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},"updated":"2024-06-21T21:33:53.000Z","recommendation":"Upgrade to version 4.1.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1097682,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26136\n- https://github.com/salesforce/tough-cookie/issues/282\n- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e\n- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3\n- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873\n- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ\n- https://security.netapp.com/advisory/ntap-20240621-0006\n- 
https://github.com/advisories/GHSA-72xf-g2v4-qvf3","created":"2023-07-01T06:30:16.000Z","reported_by":null,"title":"tough-cookie Prototype Pollution vulnerability","npm_advisory_id":null,"overview":"Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. This issue arises from the manner in which the objects are initialized.","url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3"}}} {"type":"auditAdvisory","data":{"resolution":{"id":1097682,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-environment-jsdom>jsdom>tough-cookie","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.0","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-environment-jsdom>jsdom>tough-cookie"]}],"metadata":null,"vulnerable_versions":"<4.1.3","module_name":"tough-cookie","severity":"moderate","github_advisory_id":"GHSA-72xf-g2v4-qvf3","cves":["CVE-2023-26136"],"access":"public","patched_versions":">=4.1.3","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},"updated":"2024-06-21T21:33:53.000Z","recommendation":"Upgrade to version 4.1.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1097682,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26136\n- https://github.com/salesforce/tough-cookie/issues/282\n- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e\n- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3\n- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873\n- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html\n- 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ\n- https://security.netapp.com/advisory/ntap-20240621-0006\n- https://github.com/advisories/GHSA-72xf-g2v4-qvf3","created":"2023-07-01T06:30:16.000Z","reported_by":null,"title":"tough-cookie Prototype Pollution vulnerability","npm_advisory_id":null,"overview":"Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. This issue arises from the manner in which the objects are initialized.","url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","pat
hs":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>
@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression 
Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>tailwindcss>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jes
t/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-
scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package 
`micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>react-dev-utils>globby>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/trans
form>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@j
est/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-ha
ste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-res
ult>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>
jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/t
est-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scr
ipts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jes
t/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression 
Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@
jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","rea
ct-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM 
package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest-resolve>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/tr
ansform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime
>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jes
t/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-
scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core
>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","r
eact-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts
>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-uti
l>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-
scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-mess
age-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch
","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>
jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>je
st-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/tes
t-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jes
t/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-run
time>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service 
(ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>babel-jest>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/repo
rters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-script
s>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporter
s>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>je
st>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/cor
e>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","
react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@j
est/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>microm
atch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-script
s>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-ut
il>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>mi
cromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/
console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jes
t-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test
-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>eslint-webpack-plugin>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/tr
ansform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cl
i>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/report
ers>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>
jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/cor
e>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","
react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>
@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micr
omatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","rea
ct-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-m
essage-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-ma
p>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@j
est/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transf
orm>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@je
st/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core
>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jes
t-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service 
(ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","re
act-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-conf
ig>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular 
Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>jest-config>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scri
pts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-
util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/rep
orters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scrip
ts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transfor
m>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jes
t/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest
/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest
-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micro
match","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/con
sole>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>tailwindcss>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>je
st-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/co
re>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"http-proxy-middleware>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-h
aste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>j
est-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>webpack-dev-server>http-proxy-middleware>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest
/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-s
cripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","
react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-
sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. 
By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jes
t/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>
@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. 
By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>tailwindcss>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map
>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-messa
ge-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. 
By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>react-dev-utils>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jes
t-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers
>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. 
By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-sc
ripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequence
r>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>
jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/t
est-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial 
of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>mi
cromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/c
ore>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package 
`micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-
haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result
>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of 
Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest-resolve>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/tr
ansform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scri
pts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in 
micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transfo
rm>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>j
est>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in 
micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/tr
ansform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scri
pts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in 
micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>bab
el-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>microma
tch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in 
micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scri
pts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>
micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in 
micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","r
eact-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-mess
age-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in 
micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-h
aste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>
@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of 
Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["
react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/
test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- 
https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>babel-jest>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>glob
by>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","r
eact-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- 
https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree
>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatc
h","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- 
https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/t
ypescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-messag
e-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- 
https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-e
slint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest
-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- 
https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typ
escript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/con
sole>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- 
https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@types
cript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jes
t/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- 
https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} 
+{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel
-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"ve
rsion":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>eslint-webpack-plugin>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jes
t-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":[
"react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-s
equencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.
5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-confi
g>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"
version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>j
est-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>microma
tch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-
cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@j
est/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-
scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-script
s>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. 
There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-confi
g>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]
},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. 
As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>
jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":
"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. 
By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/tran
sform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>
@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>jest-config>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@j
est/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>j
est-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/rep
orters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scrip
ts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transfor
m>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jes
t/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest
/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest
-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micro
match","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/con
sole>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>tailwindcss>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>je
st-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/co
re>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"http-proxy-middleware>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-h
aste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>j
est-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>webpack-dev-server>http-proxy-middleware>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest
/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-s
cripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","
react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-
sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} From 025ab98ae63b7a2f12a6f38a10b6ab46d67e7e08 Mon Sep 17 00:00:00 2001 From: Matt Bevilacqua Date: Tue, 27 Aug 2024 10:33:19 -0400 Subject: [PATCH 7/9] Fix existing non-FEI/response goals, fix typo in hook --- ...0827142432-update-missing-fei-templates.js | 29 +++++++++++++++++++ src/models/hooks/activityReport.js | 2 +- 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 src/migrations/20240827142432-update-missing-fei-templates.js diff --git a/src/migrations/20240827142432-update-missing-fei-templates.js b/src/migrations/20240827142432-update-missing-fei-templates.js new file mode 100644 index 0000000000..73f0882717 --- /dev/null +++ b/src/migrations/20240827142432-update-missing-fei-templates.js 
@@ -0,0 +1,29 @@
+const { prepMigration } = require('../lib/migration');
+
+module.exports = {
+ up: async (queryInterface) => queryInterface.sequelize.transaction(
+ async (transaction) => {
+ await prepMigration(queryInterface, transaction, __filename);
+
+ await queryInterface.sequelize.query(/* sql */`
+ UPDATE "Goals"
+ SET "goalTemplateId" = 19017
+ WHERE "goalTemplateId" is null AND "id" IN (
+ SELECT
+ g.id
+ FROM "Goals" g
+ INNER JOIN "GoalFieldResponses" gfr ON g.id = gfr."goalId"
+ INNER JOIN "GoalTemplateFieldPrompts" gfft ON gfr."goalTemplateFieldPromptId" = gfft.id
+ WHERE g."goalTemplateId" is null AND gfft."goalTemplateId" = 19017
+ );
+
+ `, { transaction });
+ },
+ ),
+
+ down: async (queryInterface) => queryInterface.sequelize.transaction(
+ async (transaction) => {
+ await prepMigration(queryInterface, transaction, __filename);
+ },
+ ),
+};
diff --git a/src/models/hooks/activityReport.js b/src/models/hooks/activityReport.js
index f0c338b0af..f414dd8858 100644
--- a/src/models/hooks/activityReport.js
+++ b/src/models/hooks/activityReport.js
@@ -169,7 +169,7 @@ const propagateSubmissionStatus = async (sequelize, instance, options) => {
 )));
 // Add the corresponding template id to each of the goals.
 goals = goals.map((goal) => {
- const goalTemplateId = distinctTemplates.filter((dt) => dt.name === goal.name).id;
+ const goalTemplateId = distinctTemplates.find((dt) => dt.name === goal.name).id;
 return { ...goal, goalTemplateId };
 });
 // Update all the goals with their template id.
From f41e3b78a17cc75b54eeaa98df575733e51f8765 Mon Sep 17 00:00:00 2001
From: Matt Bevilacqua
Date: Tue, 27 Aug 2024 11:10:45 -0400
Subject: [PATCH 8/9] Mysteriously, update yarn audit
---
 frontend/yarn-audit-known-issues | 80 ++++++++++++++++----------------
 1 file changed, 40 insertions(+), 40 deletions(-)
diff --git a/frontend/yarn-audit-known-issues b/frontend/yarn-audit-known-issues
index b36de4ba33..0084f6081a 100644
--- a/frontend/yarn-audit-known-issues
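Review bot: The template id `19017` is hard-coded twice in the `UPDATE` inside `up`, with nothing saying what it refers to or why the same id can be assumed in every environment the migration runs in. Judging by the file name it is presumably the FEI goal template, but that should be stated rather than inferred. I would add a comment above the query such as `// 19017: id of the FEI goal template (confirm it is identical in every environment); backfills goals that have FEI prompt responses but no template`. The `down` body only calls `prepMigration`, so a rollback leaves the backfilled rows in place. A one-line comment like `// Intentionally a no-op: backfilled rows cannot be told apart afterwards` would make that explicit.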
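Review bot: `distinctTemplates.find(...)` returns `undefined` when no template carries the goal's name, so the new `.id` access throws a TypeError inside the `goals.map` callback, where the old `filter(...).id` silently yielded `undefined`. If a missing template is possible at this point, guard the lookup, e.g. `const goalTemplateId = distinctTemplates.find((dt) => dt.name === goal.name)?.id;`, and skip or log goals left without an id before the update that follows. Whether an exception here aborts the status propagation cannot be seen from the hunk, because `propagateSubmissionStatus` starts and ends outside it. The match is also an exact comparison on `name`, so it would miss if stored names can differ by surrounding whitespace.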
+++ b/frontend/yarn-audit-known-issues 
@@ -1,43 +1,43 @@ {"type":"auditAdvisory","data":{"resolution":{"id":1097682,"path":"react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.0","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-environment-jsdom>jsdom>tough-cookie"]}],"metadata":null,"vulnerable_versions":"<4.1.3","module_name":"tough-cookie","severity":"moderate","github_advisory_id":"GHSA-72xf-g2v4-qvf3","cves":["CVE-2023-26136"],"access":"public","patched_versions":">=4.1.3","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},"updated":"2024-06-21T21:33:53.000Z","recommendation":"Upgrade to version 4.1.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1097682,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26136\n- https://github.com/salesforce/tough-cookie/issues/282\n- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e\n- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3\n- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873\n- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ\n- https://security.netapp.com/advisory/ntap-20240621-0006\n- https://github.com/advisories/GHSA-72xf-g2v4-qvf3","created":"2023-07-01T06:30:16.000Z","reported_by":null,"title":"tough-cookie Prototype Pollution vulnerability","npm_advisory_id":null,"overview":"Versions of the package tough-cookie before 4.1.3 are 
vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. This issue arises from the manner in which the objects are initialized.","url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3"}}} {"type":"auditAdvisory","data":{"resolution":{"id":1097682,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.0","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-environment-jsdom>jsdom>tough-cookie"]}],"metadata":null,"vulnerable_versions":"<4.1.3","module_name":"tough-cookie","severity":"moderate","github_advisory_id":"GHSA-72xf-g2v4-qvf3","cves":["CVE-2023-26136"],"access":"public","patched_versions":">=4.1.3","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},"updated":"2024-06-21T21:33:53.000Z","recommendation":"Upgrade to version 4.1.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1097682,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26136\n- https://github.com/salesforce/tough-cookie/issues/282\n- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e\n- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3\n- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873\n- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ\n- https://security.netapp.com/advisory/ntap-20240621-0006\n- 
https://github.com/advisories/GHSA-72xf-g2v4-qvf3","created":"2023-07-01T06:30:16.000Z","reported_by":null,"title":"tough-cookie Prototype Pollution vulnerability","npm_advisory_id":null,"overview":"Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. This issue arises from the manner in which the objects are initialized.","url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3"}}} {"type":"auditAdvisory","data":{"resolution":{"id":1097682,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-environment-jsdom>jsdom>tough-cookie","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.0","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-environment-jsdom>jsdom>tough-cookie"]}],"metadata":null,"vulnerable_versions":"<4.1.3","module_name":"tough-cookie","severity":"moderate","github_advisory_id":"GHSA-72xf-g2v4-qvf3","cves":["CVE-2023-26136"],"access":"public","patched_versions":">=4.1.3","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},"updated":"2024-06-21T21:33:53.000Z","recommendation":"Upgrade to version 4.1.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1097682,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26136\n- https://github.com/salesforce/tough-cookie/issues/282\n- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e\n- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3\n- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873\n- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html\n- 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ\n- https://security.netapp.com/advisory/ntap-20240621-0006\n- https://github.com/advisories/GHSA-72xf-g2v4-qvf3","created":"2023-07-01T06:30:16.000Z","reported_by":null,"title":"tough-cookie Prototype Pollution vulnerability","npm_advisory_id":null,"overview":"Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. This issue arises from the manner in which the objects are initialized.","url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","pat
hs":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>
@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression 
Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>tailwindcss>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jes
t/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-
scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package 
`micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>react-dev-utils>globby>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/trans
form>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@j
est/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-ha
ste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-res
ult>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>
jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/t
est-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scr
ipts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jes
t/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression 
Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@
jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","rea
ct-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM 
package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest-resolve>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/tr
ansform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime
>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jes
t/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-
scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core
>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","r
eact-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts
>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-uti
l>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-
scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-mess
age-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch
","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>
jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>je
st-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/tes
t-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jes
t/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-run
time>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service 
(ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>babel-jest>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/repo
rters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-script
s>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporter
s>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>je
st>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/cor
e>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","
react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@j
est/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>microm
atch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-script
s>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-ut
il>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>mi
cromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/
console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jes
t-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test
-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>eslint-webpack-plugin>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/tr
ansform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cl
i>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/report
ers>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>
jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/cor
e>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","
react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>
@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micr
omatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","rea
ct-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-m
essage-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-ma
p>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@j
est/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transf
orm>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@je
st/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core
>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jes
t-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service 
(ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","re
act-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-conf
ig>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular 
Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>jest-config>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scri
pts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-
util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/rep
orters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scrip
ts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transfor
m>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jes
t/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest
/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest
-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micro
match","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/con
sole>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>tailwindcss>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>je
st-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/co
re>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"http-proxy-middleware>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-h
aste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>j
est-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>webpack-dev-server>http-proxy-middleware>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest
/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-s
cripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","
react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-
sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. 
By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jes
t/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>
@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. 
By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>tailwindcss>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map
>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-messa
ge-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. 
By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>react-dev-utils>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jes
t-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers
>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. 
By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-sc
ripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequence
r>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>
jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/t
est-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial 
of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>mi
cromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/c
ore>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package 
`micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-
haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result
>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of 
Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest-resolve>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/tr
ansform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scri
pts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in 
micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transfo
rm>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>j
est>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in 
micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/tr
ansform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scri
pts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in 
micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>bab
el-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>microma
tch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in 
micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scri
pts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>
micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in 
micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","r
eact-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-mess
age-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in 
micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-h
aste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>
@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of 
Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["
react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/
test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- 
https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>babel-jest>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>glob
by>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","r
eact-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- 
https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree
>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatc
h","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- 
https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/t
ypescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-messag
e-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- 
https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-e
slint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest
-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- 
https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typ
escript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/con
sole>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- 
https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@types
cript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jes
t/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- 
https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} 
+{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel
-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"ve
rsion":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>eslint-webpack-plugin>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jes
t-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":[
"react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-s
equencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.
5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-confi
g>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"
version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>j
est-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>microma
tch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-
cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@j
est/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-
scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-script
s>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. 
There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-confi
g>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]
},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. 
As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>
jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":
"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. 
By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/tran
sform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>
@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>jest-config>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@j
est/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>j
est-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/rep
orters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scrip
ts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transfor
m>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jes
t/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest
/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest
-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micro
match","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/con
sole>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>tailwindcss>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>je
st-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/co
re>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"http-proxy-middleware>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-h
aste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>j
est-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>webpack-dev-server>http-proxy-middleware>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest
/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-s
cripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","
react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-
sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}}
From 2bcd285f9b4bf7bcd6872bcae30fab29a5d6660f Mon Sep 17 00:00:00 2001
From: Matt Bevilacqua
Date: Tue, 27 Aug 2024 13:53:30 -0400
Subject: [PATCH 9/9] why not fix objectives too?
---
 src/models/hooks/activityReport.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/models/hooks/activityReport.js b/src/models/hooks/activityReport.js
index f414dd8858..631905cb20 100644
--- a/src/models/hooks/activityReport.js
+++ b/src/models/hooks/activityReport.js
@@ -221,7 +221,7 @@ const propagateSubmissionStatus = async (sequelize, instance, options) => {
 // Add the corresponding template id to each of the objectives.
 objectives = objectives.map((objective) => {
 const objectiveTemplateId = distinctTemplates
- .filter((dt) => dt.title === objective.title).id;
+ .find((dt) => dt.title === objective.title).id;
 return { ...objective, objectiveTemplateId };
 });
 // Update all the objectives with their template id.
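Review bot: The new `.find((dt) => dt.title === objective.title).id` throws a TypeError whenever no entry of `distinctTemplates` has a matching `title`, because `find` returns `undefined` on a miss. The old `.filter(...).id` never threw; it always evaluated to `undefined`. If a miss is possible (for example titles that differ only in whitespace), either keep the lenient behaviour with `.find((dt) => dt.title === objective.title)?.id;` or fail with a descriptive error that names the objective title, so the hook does not abort with an opaque message. `propagateSubmissionStatus` starts and ends outside this hunk, so whether `distinctTemplates` is guaranteed to contain every objective title cannot be confirmed from here. A short comment stating that guarantee next to the lookup would settle it.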