Security Report
You have successfully remediated 3 vulnerabilities, but introduced 10 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
WS-2017-3772 Vulnerable Source Files: ❌ /packages/osd-ui-framework/node_modules/underscore.string/unescapeHTML.js | High | 7.5 | juice-shopjuice-shop-14.0.0_node14_darwin_x64 | Upgrade to version: underscore.string - 3.3.5 | #4734 |
CVE-2024-4068 Path to dependency file: /package.json Path to vulnerable library: /node_modules/micromatch/node_modules/braces/package.json,/node_modules/chokidar/node_modules/braces/package.json Dependency Hierarchy: -> chokidar-3.5.3.tgz (Root Library) -> ❌ braces-3.0.2.tgz (Vulnerable Library) | High | 7.5 | braces-3.0.2.tgz | Upgrade to version: braces - 3.0.3 | #6792 |
CVE-2024-4068 Path to dependency file: /package.json Path to vulnerable library: /node_modules/braces/package.json,/node_modules/@osd/optimizer/node_modules/braces/package.json Dependency Hierarchy: -> @osd/optimizer-1.0.0.tgz (Root Library) -> watchpack-1.1.7.tgz -> chokidar-2.1.8.tgz -> ❌ braces-2.3.2.tgz (Vulnerable Library) | High | 7.5 | braces-2.3.2.tgz | Upgrade to version: braces - 3.0.3 | #6792 |
High | 7.5 | lportalliferay-ce-portal-src-7.3.5-ga6-20200930172312275 | Upgrade to version: braces - 3.0.3 | #6792 | |
CVE-2023-26156 Path to dependency file: /package.json Path to vulnerable library: /node_modules/chromedriver/package.json Dependency Hierarchy: -> ❌ chromedriver-107.0.3.tgz (Vulnerable Library) | High | 7.5 | chromedriver-107.0.3.tgz | Upgrade to version: chromedriver - 119.0.1 | None |
High | 7.5 | lportalliferay-ce-portal-src-7.3.5-ga6-20200930172312275 | Upgrade to version: 6.0.3 | #4726 | |
CVE-2024-4067 Path to dependency file: /package.json Path to vulnerable library: /node_modules/@osd/eslint-plugin-eslint/node_modules/micromatch/package.json,/node_modules/@osd/optimizer/node_modules/micromatch/package.json,/node_modules/@types/globby/node_modules/micromatch/package.json Dependency Hierarchy: -> globby-8.0.0.tgz (Root Library) -> fast-glob-2.2.7.tgz -> ❌ micromatch-3.1.10.tgz (Vulnerable Library) | Medium | 5.3 | micromatch-3.1.10.tgz | Upgrade to version: micromatch - 4.0.6 | #6791 |
CVE-2024-4067 Path to dependency file: /package.json Path to vulnerable library: /node_modules/micromatch/package.json Dependency Hierarchy: -> @elastic/safer-lodash-set-0.0.0.tgz (Root Library) -> dependency-check-4.1.0.tgz -> ❌ micromatch-4.0.5.tgz (Vulnerable Library) | Medium | 5.3 | micromatch-4.0.5.tgz | Upgrade to version: micromatch - 4.0.6 | #6791 |
Medium | 5.3 | juice-shopjuice-shop-14.0.0_node14_darwin_x64 | Upgrade to version: micromatch - 4.0.6 | #6791 | |
Medium | 5.3 | lportalliferay-ce-portal-src-7.3.5-ga6-20200930172312275 | Upgrade to version: micromatch - 4.0.6 | #6791 |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
WS-2017-3772 | juice-shop-juice-shop-14.5.1_node16_darwin_x64 |
CVE-2023-28155 | request-2.88.12.tgz |
CVE-2024-4067 | juice-shop-juice-shop-15.2.0_node16_win32_x64 |
Base branch total remaining vulnerabilities: 16
Base branch commit: 47bd3917ed6bcdcfc384c9e625bc387ce6c8def9
Total libraries scanned: 2527
Scan token: 8ed7dca45f554b0eafab428cdff72ea4