
[Snyk] Security upgrade execa from 0.6.3 to 9.6.0#7

Open. weinrich15 wants to merge 1 commit into master from snyk-fix-e7e19a3ae299c8bc0b7bc25ab6fab895

Conversation

@weinrich15 (Owner)

Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.

Snyk changed the following file(s):

  • extensions/vscode/server/package.json

Vulnerabilities that will be fixed with an upgrade:

Issue | Score
--- | ---
high severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-CROSSSPAWN-8303230 | 756

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@weinrich15 (Owner, Author)

Checkmarx One – Scan Summary & Details (scan cfa77b6a-c8fb-4d6b-9c91-771f6ac4aa11)

New Issues (125)

Checkmarx found the following issues in this Pull Request

Severity | Issue | Source File / Package | Recommended version | Description | Attack Vector | Attack Complexity
--- | --- | --- | --- | --- | --- | ---
CRITICAL | CVE-2020-8165 | Ruby-activesupport-5.1.7 | 6.1.7.5 | A deserialization of untrusted data vulnerability exists in rails 5.0.x prior to 5.2.4.3, rails 6.0.x prior to 6.0.3.1 that can allow an attacker t... | NETWORK | LOW
CRITICAL | CVE-2021-3918 | Npm-json-schema-0.2.3 | 0.4.0 | json-schema before 0.4.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | NETWORK | LOW
CRITICAL | CVE-2021-44906 | Npm-minimist-0.0.8 | 0.2.3 | Minimist through 1.2.5 is vulnerable to Prototype Pollution via file "index.js", function "setKey()" (lines 69-95). | NETWORK | LOW
CRITICAL | CVE-2022-0686 | Npm-url-parse-1.4.4 | 1.5.9 | Authorization Bypass through User-Controlled Key in NPM url-parse prior to 1.5.8. When no port number is provided in the "url", url-parse is unable... | NETWORK | LOW
CRITICAL | CVE-2022-32224 | Ruby-activerecord-5.1.7 | 6.1.7.1 | A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record which could allow an attacker, that can manip... | NETWORK | LOW
CRITICAL | CVE-2023-26136 | Npm-tough-cookie-2.4.3 | 4.1.3 | The package tough-cookie in versions prior to 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar ... | NETWORK | LOW
CRITICAL | CVE-2023-40175 | Ruby-puma-3.12.6 | 5.6.9 | Puma is a Ruby/Rack web server built for parallelism. In versions 5.6.6, and 6.0.0 through 6.3., puma exhibited incorrect behavior when parsing chu... | NETWORK | LOW
CRITICAL | Cx6f6f1276-7a2e | Npm-tar-2.2.1 | 6.2.1 | Tar is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file th... | NETWORK | LOW
HIGH | CVE-2017-12963 | Ruby-sassc-2.4.0 | - | There is an illegal address access in "Sass::Eval::operator()" in "eval.cpp" of libsass package, leading to a remote Denial of Service attack. NOTE... | NETWORK | LOW
HIGH | CVE-2017-12964 | Ruby-sassc-2.4.0 | - | There is a stack consumption issue in all versions of LibSass, that is triggered in the function "Sass::Eval::operator()" in "eval.cpp". It will le... | NETWORK | LOW
HIGH | CVE-2017-17919 | Ruby-rails-5.1.7 | - | SQL injection vulnerability in the 'order' method in Ruby on Rails allows remote attackers to execute arbitrary SQL commands via the 'id desc' para... | NETWORK | HIGH
HIGH | CVE-2017-17920 | Ruby-rails-5.1.7 | - | SQL injection vulnerability in the 'reorder' method in Ruby on Rails allows remote attackers to execute arbitrary SQL commands via the 'name' param... | NETWORK | HIGH
HIGH | CVE-2018-20834 | Npm-tar-2.2.1 | 6.2.1 | A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a ta... | NETWORK | LOW
HIGH | CVE-2019-13173 | Npm-fstream-1.0.11 | 1.0.12 | fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the sys... | NETWORK | LOW
HIGH | CVE-2019-20149 | Npm-kind-of-6.0.2 | 6.0.3 | ctorName in index.js in kind-of v6.0.0 through v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, a... | NETWORK | LOW
HIGH | CVE-2020-28469 | Npm-glob-parent-3.1.0 | 5.1.2 | In glob-parent prior to 5.1.2 the way that the `enclosure` regex in `index.js` is defined could allow an attacker to exploit it, and cause a Denial... | NETWORK | LOW
HIGH | CVE-2020-28469 | Npm-glob-parent-2.0.0 | 5.1.2 | In glob-parent prior to 5.1.2 the way that the `enclosure` regex in `index.js` is defined could allow an attacker to exploit it, and cause a Denial... | NETWORK | LOW
HIGH | CVE-2020-8164 | Ruby-actionpack-5.1.7 | 7.0.8.7 | A deserialization of untrusted data vulnerability exists in rails 5.0.x prior to 5.2.4.3, rails 6.0.x prior to 6.0.3.1 which can allow an attacker ... | NETWORK | LOW
HIGH | CVE-2021-22880 | Ruby-activerecord-5.1.7 | 6.1.7.1 | The PostgreSQL adapter in Active Record 5.0.x prior to 5.2.4.5, 6.0.x prior to 6.0.3.5, and 6.1.x prior to 6.1.2.1 suffers from a regular expressio... | NETWORK | LOW
HIGH | CVE-2021-22885 | Ruby-actionpack-5.1.7 | 7.0.8.7 | A possible information disclosure / unintended method execution vulnerability in Action Pack 2.0.0 prior to 5.2.4.6, 5.2.5 prior to 5.2.6, 6.0.0 pr... | NETWORK | LOW
HIGH | CVE-2021-22904 | Ruby-actionpack-5.1.7 | 7.0.8.7 | The actionpack ruby gem versions before 5.2.4.6, 5.2.5, 6.0.0 through 6.0.3.6, 6.1.0 through 6.1.3.1 suffers from a possible denial of service vu... | NETWORK | LOW
HIGH | CVE-2021-29509 | Ruby-puma-3.12.6 | 5.6.9 | Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existin... | NETWORK | LOW
HIGH | CVE-2021-32803 | Npm-tar-2.2.1 | 6.2.1 | The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via ins... | NETWORK | LOW
HIGH | CVE-2021-32804 | Npm-tar-2.2.1 | 6.2.1 | The npm package "tar" (aka node-tar) versions prior to 3.2.2 and 4.x prior to 4.4.14, 5.x prior to 5.0.6 and 6.x prior to 6.1.1 has a arbitrary Fil... | NETWORK | LOW
HIGH | CVE-2021-37701 | Npm-tar-2.2.1 | 6.2.1 | The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution... | LOCAL | LOW
HIGH | CVE-2021-37712 | Npm-tar-2.2.1 | 6.2.1 | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code executio... | LOCAL | LOW
HIGH | CVE-2021-37713 | Npm-tar-2.2.1 | 6.2.1 | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code executio... | LOCAL | LOW
HIGH | CVE-2021-43138 | Npm-async-1.0.0 | 2.6.4 | In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the "mapValues()" method, aka "lib/internal/iterator.js" "cr... | LOCAL | LOW
HIGH | CVE-2022-24790 | Ruby-puma-3.12.6 | 5.6.9 | Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly ... | NETWORK | LOW
HIGH | CVE-2022-24999 | Npm-qs-6.5.2 | 6.5.3 | The qs package as used in Express through 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application becau... | NETWORK | LOW
HIGH | CVE-2022-25883 | Npm-semver-5.6.0 | 5.7.2 | The package semver versions prior to 5.7.2, 6.x through 6.3.0 and 7.x through 7.5.1 are vulnerable to Regular Expression Denial of Service (ReDoS) ... | NETWORK | LOW
HIGH | CVE-2022-26592 | Ruby-sassc-2.4.0 | - | Stack Overflow vulnerability in libsass package versions prior to 3.6.6, via the "CompoundSelector::has_real_parent_ref" function. This has the sam... | NETWORK | LOW
HIGH | CVE-2022-3517 | Npm-minimatch-3.0.4 | 3.0.5 | A vulnerability was found in the minimatch package versions prior to 3.0.5. This flaw allows a Regular Expression Denial of Service (ReDoS) when ca... | NETWORK | LOW
HIGH | CVE-2022-43357 | Ruby-sassc-2.4.0 | - | Stack overflow vulnerability in "ast_selectors.cpp" in function "Sass::CompoundSelector::has_real_parent_ref" in libsass, which attackers can explo... | NETWORK | LOW
HIGH | CVE-2022-43358 | Ruby-sassc-2.4.0 | - | Stack overflow vulnerability in "ast_selectors.cpp" in function "Sass::ComplexSelector::has_placeholder" which can be exploited by attackers to cau... | NETWORK | LOW
HIGH | CVE-2022-44566 | Ruby-activerecord-5.1.7 | 6.1.7.1 | A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter versions through 5.2.8.1, 6.0.0.beta1 through 6.1.7, and 7.0.0.alph... | NETWORK | LOW
HIGH | CVE-2022-44570 | Ruby-rack-2.2.3.1 | 2.2.14 | A denial of service vulnerability in the Range header parsing component of Rack versions 1.5.0.beta.1 through 2.0.9.1, 2.1.0 through 2.1.4.1, 2.2.0... | NETWORK | LOW
HIGH | CVE-2022-44571 | Ruby-rack-2.2.3.1 | 2.2.14 | There is a denial of service vulnerability in the "Content-Disposition" parsing component of Rack versions 2.0.x prior to 2.0.9.2, 2.1.x prior to 2.... | NETWORK | LOW
HIGH | CVE-2022-44572 | Ruby-rack-2.2.3.1 | 2.2.14 | A denial of service vulnerability in the multipart parsing component of Rack versions 2.0.x prior to 2.0.9.2, 2.1.x prior to 2.1.4.2, 2.2.x prior t... | NETWORK | LOW
HIGH | CVE-2023-22792 | Ruby-actionpack-5.1.7 | 7.0.8.7 | A regular expression based DoS vulnerability in Action Dispatch versions 3.0.0.beta through 5.2.8.1, 6.0.0.beta1 through 6.1.7 and 7.0.0.alpha1 thr... | NETWORK | LOW
HIGH | CVE-2023-22795 | Ruby-actionpack-5.1.7 | 7.0.8.7 | A regular expression based DoS vulnerability in Action Dispatch related to the "If-None-Match" header. This vulnerability affects versions throug... | NETWORK | LOW
HIGH | CVE-2023-22796 | Ruby-activesupport-5.1.7 | 6.1.7.5 | A regular expression based DoS vulnerability in activesupport versions through 5.2.8.1, 6.0.0.beta1 through 6.1.7, and 7.0.0.alpha1 through 7.0.4.... | NETWORK | LOW
HIGH | CVE-2023-27530 | Ruby-rack-2.2.3.1 | 2.2.14 | A DoS vulnerability exists in Rack versions through 2.0.9.2, 2.1.0 through 2.1.4.2, 2.2.0 through 2.2.6.2, 3.0.0.beta1 through 3.0.4.1 within in t... | NETWORK | LOW
HIGH | CVE-2024-21538 | Npm-cross-spawn-5.1.0 | 6.0.6 | Versions of the package cross-spawn prior to 6.0.6 and 7.x prior to 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS), due to im... | NETWORK | LOW
HIGH | CVE-2024-21647 | Ruby-puma-3.12.6 | 5.6.9 | Puma is a web server for Ruby/Rack applications built for parallelism. In versions prior to 5.6.8, and 6.0.x prior to 6.4.2, puma exhibited incorre... | NETWORK | LOW
HIGH | CVE-2024-25126 | Ruby-rack-2.2.3.1 | 2.2.14 | Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack's media type parser to take much longer than exp... | NETWORK | LOW
HIGH | CVE-2024-26141 | Ruby-rack-2.2.3.1 | 2.2.14 | Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Res... | NETWORK | LOW
HIGH | CVE-2024-26146 | Ruby-rack-2.2.3.1 | 2.2.14 | Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a... | NETWORK | LOW
HIGH | CVE-2024-4068 | Npm-braces-1.8.5 | 3.0.3 | The NPM package "braces", versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In... | NETWORK | LOW
HIGH | CVE-2025-25184 | Ruby-rack-2.2.3.1 | 2.2.14 | Rack provides an interface for developing web applications in Ruby. The `Rack::CommonLogger` can be exploited by crafting input that includes newli... | NETWORK | LOW
HIGH | CVE-2025-27610 | Ruby-rack-2.2.3.1 | 2.2.14 | Rack provides an interface for developing web applications in Ruby. In versions prior to 2.2.13, 3.0.x prior to 3.0.14, and 3.1.x prior to 3.1.12, ... | NETWORK | LOW
HIGH | CVE-2025-46727 | Ruby-rack-2.2.3.1 | 2.2.14 | Rack is a modular Ruby web server interface. In affected versions prior to 2.2.14, 3.0.x prior to 3.0.16, and 3.1.x prior to 3.1.14, "Rack::QueryPa... | NETWORK | LOW
HIGH | Cx17c4a5a4-deb7 | Npm-diff-3.3.1 | 3.5.0 | A vulnerability was found in diff versions 2.1.0 through 3.4.0. The affected versions of this package are vulnerable to Regular Expression Denial o... | NETWORK | HIGH
HIGH | Cx2d55b83a-7aa0 | Npm-braces-1.8.5 | 3.0.3 | Braces is vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular ex... | NETWORK | LOW
HIGH | Cxb3ca64d2-9cd1 | Npm-mocha-4.1.0 | 10.1.0 | The package `mocha` is vulnerable to Regular Expression Denial of Service (ReDoS). The function `clean` in `utils.js` can make the server unavailabl... | NETWORK | LOW
HIGH | Cxdca8e59f-8bfe | Npm-inflight-1.0.6 | - | In NPM `inflight` there is a Memory Leak because some resources are not freed correctly after being used. It appears to affect all versions, as the... | NETWORK | LOW
HIGH | Missing User Instruction | /Dockerfile: 4 | - | A user should be specified in the dockerfile, otherwise the image will run as root | - | -
MEDIUM | Apt Get Install Pin Version Not Defined (27 findings on the same line) | /Dockerfile: 6 | - | When installing a package, its pin version should be defined | - | -
MEDIUM | CVE-2015-9251 | Npm-jquery-1.10.2 | 3.5.0 | jQuery before 3.0.0-beta1 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType op... | NETWORK | LOW
MEDIUM | CVE-2018-1109 | Npm-braces-1.8.5 | 3.0.3 | A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Servi... | NETWORK | LOW
MEDIUM | CVE-2019-11358 | Npm-jquery-1.10.2 | 3.5.0 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollu... | NETWORK | LOW
MEDIUM | CVE-2019-6284 | Ruby-sassc-2.4.0 | - | In libsass package versions prior to 3.6.0, a Heap-based Buffer Overread vulnerability exists in "Sass::Prelexer::alternatives" in "prelexer.hpp". | NETWORK | LOW
MEDIUM | CVE-2020-11023 | Npm-jquery-1.10.2 | 3.5.0 | In jQuery versions 1.0.3 through 3.4.1, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQu... | NETWORK | LOW
MEDIUM | CVE-2020-15169 | Ruby-actionview-5.1.7 | 6.1.7.3 | In Action View in versions prior to 5.2.4.4 and 6.0.0.x prior to 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action Vi... | NETWORK | LOW
MEDIUM | CVE-2020-15366 | Npm-ajv-6.5.5 | 6.12.3 | An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that... | NETWORK | HIGH
MEDIUM | CVE-2020-5267 | Ruby-actionview-5.1.7 | 6.1.7.3 | In ActionView versions prior to 5.2.4.2, and 6.x prior to 6.0.2.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape ... | NETWORK | LOW
MEDIUM | CVE-2020-7598 | Npm-minimist-0.0.8 | 0.2.3 | Affected versions of minimist are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the proto... | NETWORK | HIGH
MEDIUM | CVE-2020-8124 | Npm-url-parse-1.4.4 | 1.5.9 | Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass secur... | NETWORK | LOW
MEDIUM | CVE-2021-27515 | Npm-url-parse-1.4.4 | 1.5.9 | url-parse before 1.5.0 mishandles certain uses of backslash such as "http:\/" and interprets the URI as a relative path. | NETWORK | LOW
MEDIUM | CVE-2021-3664 | Npm-url-parse-1.4.4 | 1.5.9 | url-parse before 1.5.2 is vulnerable to URL Redirection to Untrusted Site. | NETWORK | LOW
MEDIUM | CVE-2022-0512 | Npm-url-parse-1.4.4 | 1.5.9 | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6. | NETWORK | LOW
MEDIUM | CVE-2022-0639 | Npm-url-parse-1.4.4 | 1.5.9 | Authorization Bypass through User-Controlled Key in NPM url-parse prior to 1.5.7. An incorrect conversion of "@" in protocol in the "href" leads to... | NETWORK | LOW

More results are available on the CxOne platform

2 participants