277 lines
6.2 KiB
JSON
277 lines
6.2 KiB
JSON
{
|
|
"auditReportVersion": 2,
|
|
"vulnerabilities": {
|
|
"@google-cloud/firestore": {
|
|
"name": "@google-cloud/firestore",
|
|
"severity": "moderate",
|
|
"isDirect": false,
|
|
"via": [
|
|
"google-gax"
|
|
],
|
|
"effects": [
|
|
"firebase-admin"
|
|
],
|
|
"range": "7.5.0-pre.0 || 7.6.0 - 7.11.6",
|
|
"nodes": [
|
|
"node_modules/@google-cloud/firestore"
|
|
],
|
|
"fixAvailable": {
|
|
"name": "firebase-admin",
|
|
"version": "14.0.0",
|
|
"isSemVerMajor": true
|
|
}
|
|
},
|
|
"@google-cloud/storage": {
|
|
"name": "@google-cloud/storage",
|
|
"severity": "moderate",
|
|
"isDirect": false,
|
|
"via": [
|
|
"retry-request",
|
|
"teeny-request"
|
|
],
|
|
"effects": [
|
|
"firebase-admin"
|
|
],
|
|
"range": "2.2.0 - 2.5.0 || >=5.19.0",
|
|
"nodes": [
|
|
"node_modules/@google-cloud/storage"
|
|
],
|
|
"fixAvailable": {
|
|
"name": "firebase-admin",
|
|
"version": "14.0.0",
|
|
"isSemVerMajor": true
|
|
}
|
|
},
|
|
"firebase-admin": {
|
|
"name": "firebase-admin",
|
|
"severity": "moderate",
|
|
"isDirect": true,
|
|
"via": [
|
|
"@google-cloud/firestore",
|
|
"@google-cloud/storage",
|
|
"uuid"
|
|
],
|
|
"effects": [],
|
|
"range": "7.0.0 - 8.2.0 || >=10.2.0",
|
|
"nodes": [
|
|
"node_modules/firebase-admin"
|
|
],
|
|
"fixAvailable": {
|
|
"name": "firebase-admin",
|
|
"version": "14.0.0",
|
|
"isSemVerMajor": true
|
|
}
|
|
},
|
|
"gaxios": {
|
|
"name": "gaxios",
|
|
"severity": "moderate",
|
|
"isDirect": false,
|
|
"via": [
|
|
"uuid"
|
|
],
|
|
"effects": [],
|
|
"range": "6.4.0 - 6.7.1",
|
|
"nodes": [
|
|
"node_modules/gaxios"
|
|
],
|
|
"fixAvailable": true
|
|
},
|
|
"google-gax": {
|
|
"name": "google-gax",
|
|
"severity": "moderate",
|
|
"isDirect": false,
|
|
"via": [
|
|
"retry-request",
|
|
"uuid"
|
|
],
|
|
"effects": [
|
|
"@google-cloud/firestore"
|
|
],
|
|
"range": "4.0.5-experimental - 4.6.1",
|
|
"nodes": [
|
|
"node_modules/google-gax"
|
|
],
|
|
"fixAvailable": {
|
|
"name": "firebase-admin",
|
|
"version": "14.0.0",
|
|
"isSemVerMajor": true
|
|
}
|
|
},
|
|
"next": {
|
|
"name": "next",
|
|
"severity": "moderate",
|
|
"isDirect": true,
|
|
"via": [
|
|
"postcss"
|
|
],
|
|
"effects": [],
|
|
"range": "9.3.4-canary.0 - 16.3.0-canary.5",
|
|
"nodes": [
|
|
"node_modules/next"
|
|
],
|
|
"fixAvailable": {
|
|
"name": "next",
|
|
"version": "9.3.3",
|
|
"isSemVerMajor": true
|
|
}
|
|
},
|
|
"node-cron": {
|
|
"name": "node-cron",
|
|
"severity": "moderate",
|
|
"isDirect": true,
|
|
"via": [
|
|
"uuid"
|
|
],
|
|
"effects": [],
|
|
"range": "3.0.2 - 3.0.3",
|
|
"nodes": [
|
|
"node_modules/node-cron"
|
|
],
|
|
"fixAvailable": {
|
|
"name": "node-cron",
|
|
"version": "4.2.1",
|
|
"isSemVerMajor": true
|
|
}
|
|
},
|
|
"postcss": {
|
|
"name": "postcss",
|
|
"severity": "moderate",
|
|
"isDirect": false,
|
|
"via": [
|
|
{
|
|
"source": 1117015,
|
|
"name": "postcss",
|
|
"dependency": "postcss",
|
|
"title": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
|
|
"url": "https://github.com/advisories/GHSA-qx2v-qp2m-jg93",
|
|
"severity": "moderate",
|
|
"cwe": [
|
|
"CWE-79"
|
|
],
|
|
"cvss": {
|
|
"score": 6.1,
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
|
|
},
|
|
"range": "<8.5.10"
|
|
}
|
|
],
|
|
"effects": [
|
|
"next"
|
|
],
|
|
"range": "<8.5.10",
|
|
"nodes": [
|
|
"node_modules/next/node_modules/postcss"
|
|
],
|
|
"fixAvailable": {
|
|
"name": "next",
|
|
"version": "9.3.3",
|
|
"isSemVerMajor": true
|
|
}
|
|
},
|
|
"retry-request": {
|
|
"name": "retry-request",
|
|
"severity": "moderate",
|
|
"isDirect": false,
|
|
"via": [
|
|
"teeny-request"
|
|
],
|
|
"effects": [
|
|
"@google-cloud/storage",
|
|
"google-gax"
|
|
],
|
|
"range": "7.0.0 - 7.0.2",
|
|
"nodes": [
|
|
"node_modules/retry-request"
|
|
],
|
|
"fixAvailable": {
|
|
"name": "firebase-admin",
|
|
"version": "14.0.0",
|
|
"isSemVerMajor": true
|
|
}
|
|
},
|
|
"teeny-request": {
|
|
"name": "teeny-request",
|
|
"severity": "moderate",
|
|
"isDirect": false,
|
|
"via": [
|
|
"uuid"
|
|
],
|
|
"effects": [
|
|
"@google-cloud/storage",
|
|
"retry-request"
|
|
],
|
|
"range": "3.9.1 - 9.0.0",
|
|
"nodes": [
|
|
"node_modules/teeny-request"
|
|
],
|
|
"fixAvailable": {
|
|
"name": "firebase-admin",
|
|
"version": "14.0.0",
|
|
"isSemVerMajor": true
|
|
}
|
|
},
|
|
"uuid": {
|
|
"name": "uuid",
|
|
"severity": "moderate",
|
|
"isDirect": false,
|
|
"via": [
|
|
{
|
|
"source": 1119441,
|
|
"name": "uuid",
|
|
"dependency": "uuid",
|
|
"title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
|
|
"url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq",
|
|
"severity": "moderate",
|
|
"cwe": [
|
|
"CWE-787",
|
|
"CWE-1285"
|
|
],
|
|
"cvss": {
|
|
"score": 7.5,
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
|
|
},
|
|
"range": "<11.1.1"
|
|
}
|
|
],
|
|
"effects": [
|
|
"firebase-admin",
|
|
"gaxios",
|
|
"google-gax",
|
|
"node-cron",
|
|
"teeny-request"
|
|
],
|
|
"range": "<11.1.1",
|
|
"nodes": [
|
|
"node_modules/gaxios/node_modules/uuid",
|
|
"node_modules/google-gax/node_modules/uuid",
|
|
"node_modules/node-cron/node_modules/uuid",
|
|
"node_modules/teeny-request/node_modules/uuid",
|
|
"node_modules/uuid"
|
|
],
|
|
"fixAvailable": {
|
|
"name": "node-cron",
|
|
"version": "4.2.1",
|
|
"isSemVerMajor": true
|
|
}
|
|
}
|
|
},
|
|
"metadata": {
|
|
"vulnerabilities": {
|
|
"info": 0,
|
|
"low": 0,
|
|
"moderate": 11,
|
|
"high": 0,
|
|
"critical": 0,
|
|
"total": 11
|
|
},
|
|
"dependencies": {
|
|
"prod": 505,
|
|
"dev": 250,
|
|
"optional": 164,
|
|
"peer": 1,
|
|
"peerOptional": 0,
|
|
"total": 863
|
|
}
|
|
}
|
|
}
|