Merge pull request #6 from redhat-marketplace/whitesource/configure
IBM Mend app / Mend Security Check
failed
Jul 22, 2024 in 1m 36s
Security Report
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2024-37890Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ ws-7.5.9.tgz (Vulnerable Library) |
 High |
7.5 | ws-7.5.9.tgz | Upgrade to version: ws - 5.2.4,6.2.3,7.5.10,8.17.1 | None |
CVE-2024-28863Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> bcrypt-5.1.1.tgz (Root Library) -> node-pre-gyp-1.0.11.tgz -> ❌ tar-6.2.0.tgz (Vulnerable Library) |
 Medium |
6.5 | tar-6.2.0.tgz | Upgrade to version: tar - 6.2.1 | None |
CVE-2024-28849Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> axios-1.6.7.tgz (Root Library) -> ❌ follow-redirects-1.15.5.tgz (Vulnerable Library) |
Medium |
6.5 | follow-redirects-1.15.5.tgz | Upgrade to version: follow-redirects - 1.15.6 | None |
CVE-2024-29041Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ express-4.18.3.tgz (Vulnerable Library) |
Medium |
6.1 | express-4.18.3.tgz | Upgrade to version: express - 4.19.0 | None |
Total libraries scanned: 529
Scan token: 7724965a26684f72a3de867826af4262
Loading