[Apiiro] Apiiro SCA OSS Vulnerabilities - Critical Severity · Critical Risk

[AhmedThebaSecurrency]

Please see if we can update

Discovered on: Mar 07, 2024 12:30
Dependency: @babel/traverse
Version: 7.20.13
Type: Sub dependency
Introduced through:

• @docusaurus/core: 2.3.1 > @babel/traverse: 7.20.13
• @docusaurus/core: 2.3.1 > @docusaurus/mdx-loader: 2.3.1 > @babel/traverse: 7.20.13
• @docusaurus/core: 2.3.1 > @babel/preset-env: 7.20.2 > @babel/helper-compilation-targets: 7.20.7 > @babel/core: 7.20.12 > @babel/traverse: 7.20.13
• @docusaurus/core: 2.3.1 > @babel/preset-env: 7.20.2 > @babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression: 7.18.6 > @babel/core: 7.20.12 > @babel/traverse: 7.20.13
• @docusaurus/core: 2.3.1 > @babel/preset-env: 7.20.2 > @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining: 7.20.7 > @babel/core: 7.20.12 > @babel/traverse: 7.20.13
• @docusaurus/preset-classic: 2.3.1 > @docusaurus/plugin-content-blog: 2.3.1 > @docusaurus/mdx-loader: 2.3.1 > @babel/traverse: 7.20.13
• @docusaurus/preset-classic: 2.3.1 > @docusaurus/plugin-content-docs: 2.3.1 > @docusaurus/mdx-loader: 2.3.1 > @babel/traverse: 7.20.13
• @docusaurus/preset-classic: 2.3.1 > @docusaurus/plugin-content-pages: 2.3.1 > @docusaurus/mdx-loader: 2.3.1 > @babel/traverse: 7.20.13
• @docusaurus/preset-classic: 2.3.1 > @docusaurus/theme-classic: 2.3.1 > @docusaurus/mdx-loader: 2.3.1 > @babel/traverse: 7.20.13
• @docusaurus/preset-classic: 2.3.1 > @docusaurus/theme-common: 2.3.1 > @docusaurus/mdx-loader: 2.3.1 > @babel/traverse: 7.20.13

Vulnerabilities

• Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code with CVSS score 9.4. fixed version: 7.23.2
• Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code with CVSS score 9.4. fixed version: 7.23.2

About this package:

External dependency: @babel/traverse
Package details: The Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes
Latest version: 7.24.5
License: MIT
Insights:

• Adequate count maintainers - This package is maintained by at least 3 developers
• Has vulnerabilities - One or more vulnerabilities have been reported for this package
• Public repository - This is a repository accessible by the general public

Remediation

Recommended fix version: 7.23.2
Upgrading will fix all current vulnerabilities.
✅ No known vulnerabilities for the recommended version.

This is a sub-dependency

In order to update its version, you may need to upgrade the following top-level dependencies:

• @docusaurus/core (Dependency declared in docs/package-lock.json)
• @docusaurus/preset-classic (Dependency declared in docs/package-lock.json)

View in Apiiro

[natarajrocky]

how to store data in local database in flutter using shared preference and get the data