From aa9d63cbcc273b2d2903ae6c34396fa12ece1bea Mon Sep 17 00:00:00 2001
From: Munish Sharma
Date: Fri, 27 Dec 2024 13:36:06 +0000
Subject: [PATCH] yarn audit update
---
 yarn-audit-known-issues | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues
index 32ced5161..266c8724e 100644
--- a/yarn-audit-known-issues
+++ b/yarn-audit-known-issues
@@ -1 +1 @@ -{"actions":[],"advisories":{"1101092":{"findings":[{"version":"3.3.1","paths":["@angular/ssr>critters>postcss>nanoid"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-55565\n- https://github.com/ai/nanoid/pull/510\n- https://github.com/ai/nanoid/compare/3.3.7...3.3.8\n- https://github.com/ai/nanoid/releases/tag/5.0.9\n- https://github.com/advisories/GHSA-mwcw-c2x4-8c55","created":"2024-12-09T03:30:59.000Z","id":1101092,"npm_advisory_id":null,"overview":"nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.","reported_by":null,"title":"Infinite loop in nanoid","metadata":null,"cves":["CVE-2024-55565"],"access":"public","severity":"low","module_name":"nanoid","vulnerable_versions":"<3.3.8","github_advisory_id":"GHSA-mwcw-c2x4-8c55","recommendation":"Upgrade to version 3.3.8 or later","patched_versions":">=3.3.8","updated":"2024-12-09T22:42:44.000Z","cvss":{"score":0,"vectorString":null},"cwe":["CWE-835"],"url":"https://github.com/advisories/GHSA-mwcw-c2x4-8c55"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":1,"moderate":0,"high":0,"critical":0},"dependencies":423,"devDependencies":129,"optionalDependencies":0,"totalDependencies":552}} +{"actions":[],"advisories":{"1101163":{"findings":[{"version":"3.3.1","paths":["@angular/ssr>critters>postcss>nanoid"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-55565\n- https://github.com/ai/nanoid/pull/510\n- https://github.com/ai/nanoid/compare/3.3.7...3.3.8\n- https://github.com/ai/nanoid/releases/tag/5.0.9\n- https://github.com/advisories/GHSA-mwcw-c2x4-8c55","created":"2024-12-09T03:30:59.000Z","id":1101163,"npm_advisory_id":null,"overview":"When nanoid is called with a fractional value, there were a number of undesirable effects:\n\n1. in browser and non-secure, the code infinite loops on while (size--)\n2. 
in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled\n3. if the first call in node is a fractional argument, the initial buffer allocation fails with an error\n\nVersion 3.3.8 and 5.0.9 are fixed.","reported_by":null,"title":"Predictable results in nanoid generation when given non-integer values","metadata":null,"cves":["CVE-2024-55565"],"access":"public","severity":"moderate","module_name":"nanoid","vulnerable_versions":"<3.3.8","github_advisory_id":"GHSA-mwcw-c2x4-8c55","recommendation":"Upgrade to version 3.3.8 or later","patched_versions":">=3.3.8","updated":"2024-12-13T22:57:32.000Z","cvss":{"score":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},"cwe":["CWE-835"],"url":"https://github.com/advisories/GHSA-mwcw-c2x4-8c55"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":0,"moderate":1,"high":0,"critical":0},"dependencies":423,"devDependencies":129,"optionalDependencies":0,"totalDependencies":552}}
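Review bot: The refreshed known-issues entry keeps suppressing GHSA-mwcw-c2x4-8c55 for nanoid 3.3.1 even though the advisory was re-scored from `"severity":"low"` to `"severity":"moderate"` (CVSS 4.3) and its own `patched_versions` field says `>=3.3.8`. nanoid is pulled in transitively via `@angular/ssr>critters>postcss>nanoid`, so a yarn `resolutions` entry such as `"nanoid": "^3.3.8"` in package.json (not visible in this patch) would likely clear the finding rather than allow-list it. If the suppression is deliberate, the commit message should record why the fractional-size issue is not reachable here and when the entry will be revisited, since "yarn audit update" gives no rationale for accepting a moderate advisory.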