1362 lines
38 KiB
JSON
1362 lines
38 KiB
JSON
{
|
||
"auditReportVersion": 2,
|
||
"vulnerabilities": {
|
||
"@google-cloud/firestore": {
|
||
"name": "@google-cloud/firestore",
|
||
"severity": "moderate",
|
||
"isDirect": false,
|
||
"via": [
|
||
"google-gax"
|
||
],
|
||
"effects": [
|
||
"firebase-admin"
|
||
],
|
||
"range": "7.5.0-pre.0 || 7.6.0 - 7.11.6",
|
||
"nodes": [
|
||
"node_modules/@google-cloud/firestore"
|
||
],
|
||
"fixAvailable": {
|
||
"name": "firebase-admin",
|
||
"version": "13.10.0",
|
||
"isSemVerMajor": true
|
||
}
|
||
},
|
||
"@google-cloud/storage": {
|
||
"name": "@google-cloud/storage",
|
||
"severity": "moderate",
|
||
"isDirect": false,
|
||
"via": [
|
||
"retry-request",
|
||
"teeny-request",
|
||
"uuid"
|
||
],
|
||
"effects": [
|
||
"firebase-admin"
|
||
],
|
||
"range": "2.2.0 - 2.5.0 || >=5.19.0",
|
||
"nodes": [
|
||
"node_modules/@google-cloud/storage"
|
||
],
|
||
"fixAvailable": {
|
||
"name": "firebase-admin",
|
||
"version": "13.10.0",
|
||
"isSemVerMajor": true
|
||
}
|
||
},
|
||
"@tootallnate/once": {
|
||
"name": "@tootallnate/once",
|
||
"severity": "low",
|
||
"isDirect": false,
|
||
"via": [
|
||
{
|
||
"source": 1119438,
|
||
"name": "@tootallnate/once",
|
||
"dependency": "@tootallnate/once",
|
||
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
|
||
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
|
||
"severity": "low",
|
||
"cwe": [
|
||
"CWE-705"
|
||
],
|
||
"cvss": {
|
||
"score": 3.3,
|
||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
|
||
},
|
||
"range": "<2.0.1"
|
||
}
|
||
],
|
||
"effects": [],
|
||
"range": "<2.0.1",
|
||
"nodes": [
|
||
"node_modules/@tootallnate/once"
|
||
],
|
||
"fixAvailable": true
|
||
},
|
||
"axios": {
|
||
"name": "axios",
|
||
"severity": "high",
|
||
"isDirect": false,
|
||
"via": [
|
||
{
|
||
"source": 1119667,
|
||
"name": "axios",
|
||
"dependency": "axios",
|
||
"title": "axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)",
|
||
"url": "https://github.com/advisories/GHSA-pjwm-pj3p-43mv",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-918"
|
||
],
|
||
"cvss": {
|
||
"score": 8.6,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
|
||
},
|
||
"range": ">=1.0.0 <1.16.0"
|
||
},
|
||
{
|
||
"source": 1119669,
|
||
"name": "axios",
|
||
"dependency": "axios",
|
||
"title": "axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions",
|
||
"url": "https://github.com/advisories/GHSA-898c-q2cr-xwhg",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-1321"
|
||
],
|
||
"cvss": {
|
||
"score": 4.8,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"
|
||
},
|
||
"range": ">=1.0.0 <1.16.0"
|
||
},
|
||
{
|
||
"source": 1119670,
|
||
"name": "axios",
|
||
"dependency": "axios",
|
||
"title": "Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix",
|
||
"url": "https://github.com/advisories/GHSA-654m-c8p4-x5fp",
|
||
"severity": "low",
|
||
"cwe": [
|
||
"CWE-113",
|
||
"CWE-1321"
|
||
],
|
||
"cvss": {
|
||
"score": 3.7,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
|
||
},
|
||
"range": "=1.15.2"
|
||
},
|
||
{
|
||
"source": 1119675,
|
||
"name": "axios",
|
||
"dependency": "axios",
|
||
"title": "axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`",
|
||
"url": "https://github.com/advisories/GHSA-35jp-ww65-95wh",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-441",
|
||
"CWE-1321"
|
||
],
|
||
"cvss": {
|
||
"score": 8.7,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"
|
||
},
|
||
"range": ">=1.0.0 <1.16.0"
|
||
},
|
||
{
|
||
"source": 1120073,
|
||
"name": "axios",
|
||
"dependency": "axios",
|
||
"title": "Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection",
|
||
"url": "https://github.com/advisories/GHSA-hfxv-24rg-xrqf",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-400",
|
||
"CWE-1333"
|
||
],
|
||
"cvss": {
|
||
"score": 7.5,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
|
||
},
|
||
"range": ">=1.0.0 <1.16.0"
|
||
},
|
||
{
|
||
"source": 1120074,
|
||
"name": "axios",
|
||
"dependency": "axios",
|
||
"title": "Allocation of Resources Without Limits or Throttling in Axios",
|
||
"url": "https://github.com/advisories/GHSA-777c-7fjr-54vf",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-770"
|
||
],
|
||
"cvss": {
|
||
"score": 7.5,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
|
||
},
|
||
"range": ">=1.7.0 <1.16.0"
|
||
},
|
||
{
|
||
"source": 1120076,
|
||
"name": "axios",
|
||
"dependency": "axios",
|
||
"title": "Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter",
|
||
"url": "https://github.com/advisories/GHSA-p92q-9vqr-4j8v",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-201"
|
||
],
|
||
"cvss": {
|
||
"score": 0,
|
||
"vectorString": null
|
||
},
|
||
"range": ">=1.0.0 <1.16.0"
|
||
},
|
||
{
|
||
"source": 1120078,
|
||
"name": "axios",
|
||
"dependency": "axios",
|
||
"title": "Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection",
|
||
"url": "https://github.com/advisories/GHSA-j5f8-grm9-p9fc",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-200"
|
||
],
|
||
"cvss": {
|
||
"score": 7.5,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
|
||
},
|
||
"range": ">=1.0.0 <1.16.0"
|
||
}
|
||
],
|
||
"effects": [],
|
||
"range": "1.0.0 - 1.15.2",
|
||
"nodes": [
|
||
"node_modules/axios"
|
||
],
|
||
"fixAvailable": true
|
||
},
|
||
"engine.io": {
|
||
"name": "engine.io",
|
||
"severity": "moderate",
|
||
"isDirect": false,
|
||
"via": [
|
||
"ws"
|
||
],
|
||
"effects": [],
|
||
"range": "0.7.8 - 0.7.9 || 6.0.0 - 6.6.7",
|
||
"nodes": [
|
||
"node_modules/engine.io"
|
||
],
|
||
"fixAvailable": true
|
||
},
|
||
"engine.io-client": {
|
||
"name": "engine.io-client",
|
||
"severity": "moderate",
|
||
"isDirect": false,
|
||
"via": [
|
||
"ws"
|
||
],
|
||
"effects": [],
|
||
"range": "0.7.0 || 0.7.8 - 0.7.9 || 6.0.0 - 6.6.4",
|
||
"nodes": [
|
||
"node_modules/engine.io-client"
|
||
],
|
||
"fixAvailable": true
|
||
},
|
||
"esbuild": {
|
||
"name": "esbuild",
|
||
"severity": "moderate",
|
||
"isDirect": false,
|
||
"via": [
|
||
{
|
||
"source": 1102341,
|
||
"name": "esbuild",
|
||
"dependency": "esbuild",
|
||
"title": "esbuild enables any website to send any requests to the development server and read the response",
|
||
"url": "https://github.com/advisories/GHSA-67mh-4wv8-2f99",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-346"
|
||
],
|
||
"cvss": {
|
||
"score": 5.3,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
|
||
},
|
||
"range": "<=0.24.2"
|
||
}
|
||
],
|
||
"effects": [
|
||
"vite"
|
||
],
|
||
"range": "<=0.24.2",
|
||
"nodes": [
|
||
"node_modules/esbuild"
|
||
],
|
||
"fixAvailable": {
|
||
"name": "vitest",
|
||
"version": "4.1.8",
|
||
"isSemVerMajor": true
|
||
}
|
||
},
|
||
"express": {
|
||
"name": "express",
|
||
"severity": "moderate",
|
||
"isDirect": true,
|
||
"via": [
|
||
"qs"
|
||
],
|
||
"effects": [],
|
||
"range": "4.21.0 - 4.22.1 || 5.0.0-alpha.1 - 5.0.1",
|
||
"nodes": [
|
||
"node_modules/express"
|
||
],
|
||
"fixAvailable": true
|
||
},
|
||
"fast-xml-builder": {
|
||
"name": "fast-xml-builder",
|
||
"severity": "high",
|
||
"isDirect": false,
|
||
"via": [
|
||
{
|
||
"source": 1118965,
|
||
"name": "fast-xml-builder",
|
||
"dependency": "fast-xml-builder",
|
||
"title": "fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes",
|
||
"url": "https://github.com/advisories/GHSA-5wm8-gmm8-39j9",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-91",
|
||
"CWE-611"
|
||
],
|
||
"cvss": {
|
||
"score": 6.1,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
|
||
},
|
||
"range": "<=1.1.6"
|
||
},
|
||
{
|
||
"source": 1118966,
|
||
"name": "fast-xml-builder",
|
||
"dependency": "fast-xml-builder",
|
||
"title": "fast-xml-builder Comment Value regex can be bypassed",
|
||
"url": "https://github.com/advisories/GHSA-45c6-75p6-83cc",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-91"
|
||
],
|
||
"cvss": {
|
||
"score": 6.1,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
|
||
},
|
||
"range": "=1.1.5"
|
||
}
|
||
],
|
||
"effects": [],
|
||
"range": "<=1.1.6",
|
||
"nodes": [
|
||
"node_modules/fast-xml-builder"
|
||
],
|
||
"fixAvailable": true
|
||
},
|
||
"firebase-admin": {
|
||
"name": "firebase-admin",
|
||
"severity": "moderate",
|
||
"isDirect": true,
|
||
"via": [
|
||
"@google-cloud/firestore",
|
||
"@google-cloud/storage",
|
||
"uuid"
|
||
],
|
||
"effects": [],
|
||
"range": ">=10.2.0",
|
||
"nodes": [
|
||
"node_modules/firebase-admin"
|
||
],
|
||
"fixAvailable": {
|
||
"name": "firebase-admin",
|
||
"version": "13.10.0",
|
||
"isSemVerMajor": true
|
||
}
|
||
},
|
||
"gaxios": {
|
||
"name": "gaxios",
|
||
"severity": "moderate",
|
||
"isDirect": false,
|
||
"via": [
|
||
"uuid"
|
||
],
|
||
"effects": [],
|
||
"range": "6.4.0 - 6.7.1",
|
||
"nodes": [
|
||
"node_modules/gaxios"
|
||
],
|
||
"fixAvailable": true
|
||
},
|
||
"google-gax": {
|
||
"name": "google-gax",
|
||
"severity": "moderate",
|
||
"isDirect": false,
|
||
"via": [
|
||
"retry-request",
|
||
"uuid"
|
||
],
|
||
"effects": [
|
||
"@google-cloud/firestore"
|
||
],
|
||
"range": "4.0.5-experimental - 4.6.1",
|
||
"nodes": [
|
||
"node_modules/google-gax"
|
||
],
|
||
"fixAvailable": {
|
||
"name": "firebase-admin",
|
||
"version": "13.10.0",
|
||
"isSemVerMajor": true
|
||
}
|
||
},
|
||
"js-cookie": {
|
||
"name": "js-cookie",
|
||
"severity": "high",
|
||
"isDirect": false,
|
||
"via": [
|
||
{
|
||
"source": 1119459,
|
||
"name": "js-cookie",
|
||
"dependency": "js-cookie",
|
||
"title": "JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection",
|
||
"url": "https://github.com/advisories/GHSA-qjx8-664m-686j",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-1321"
|
||
],
|
||
"cvss": {
|
||
"score": 7.5,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
|
||
},
|
||
"range": "<=3.0.5"
|
||
}
|
||
],
|
||
"effects": [],
|
||
"range": "<=3.0.5",
|
||
"nodes": [
|
||
"node_modules/js-cookie"
|
||
],
|
||
"fixAvailable": true
|
||
},
|
||
"next": {
|
||
"name": "next",
|
||
"severity": "critical",
|
||
"isDirect": true,
|
||
"via": [
|
||
{
|
||
"source": 1099638,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js Cache Poisoning",
|
||
"url": "https://github.com/advisories/GHSA-gp8f-8m3g-qvj9",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-349",
|
||
"CWE-639"
|
||
],
|
||
"cvss": {
|
||
"score": 7.5,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
|
||
},
|
||
"range": ">=14.0.0 <14.2.10"
|
||
},
|
||
{
|
||
"source": 1100421,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Denial of Service condition in Next.js image optimization",
|
||
"url": "https://github.com/advisories/GHSA-g77x-44xx-532m",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-674"
|
||
],
|
||
"cvss": {
|
||
"score": 5.9,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
|
||
},
|
||
"range": ">=10.0.0 <14.2.7"
|
||
},
|
||
{
|
||
"source": 1101438,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js Allows a Denial of Service (DoS) with Server Actions",
|
||
"url": "https://github.com/advisories/GHSA-7m27-7ghc-44w9",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-770"
|
||
],
|
||
"cvss": {
|
||
"score": 5.3,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
|
||
},
|
||
"range": ">=14.0.0 <14.2.21"
|
||
},
|
||
{
|
||
"source": 1105461,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Information exposure in Next.js dev server due to lack of origin verification",
|
||
"url": "https://github.com/advisories/GHSA-3h52-269p-cp9r",
|
||
"severity": "low",
|
||
"cwe": [
|
||
"CWE-1385"
|
||
],
|
||
"cvss": {
|
||
"score": 0,
|
||
"vectorString": null
|
||
},
|
||
"range": ">=13.0 <14.2.30"
|
||
},
|
||
{
|
||
"source": 1107226,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js Affected by Cache Key Confusion for Image Optimization API Routes",
|
||
"url": "https://github.com/advisories/GHSA-g5qg-72qw-gw5v",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-524"
|
||
],
|
||
"cvss": {
|
||
"score": 6.2,
|
||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
|
||
},
|
||
"range": ">=0.9.9 <14.2.31"
|
||
},
|
||
{
|
||
"source": 1107420,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js authorization bypass vulnerability",
|
||
"url": "https://github.com/advisories/GHSA-7gfc-8cq8-jh5f",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-285",
|
||
"CWE-863"
|
||
],
|
||
"cvss": {
|
||
"score": 7.5,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
|
||
},
|
||
"range": ">=9.5.5 <14.2.15"
|
||
},
|
||
{
|
||
"source": 1107512,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js Improper Middleware Redirect Handling Leads to SSRF",
|
||
"url": "https://github.com/advisories/GHSA-4342-x723-ch2f",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-918"
|
||
],
|
||
"cvss": {
|
||
"score": 6.5,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"
|
||
},
|
||
"range": ">=0.9.9 <14.2.32"
|
||
},
|
||
{
|
||
"source": 1107513,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js Content Injection Vulnerability for Image Optimization",
|
||
"url": "https://github.com/advisories/GHSA-xv57-4mr9-wg8v",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-20"
|
||
],
|
||
"cvss": {
|
||
"score": 4.3,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
|
||
},
|
||
"range": ">=0.9.9 <14.2.31"
|
||
},
|
||
{
|
||
"source": 1108291,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js Race Condition to Cache Poisoning",
|
||
"url": "https://github.com/advisories/GHSA-qpjv-v59x-3qc4",
|
||
"severity": "low",
|
||
"cwe": [
|
||
"CWE-362"
|
||
],
|
||
"cvss": {
|
||
"score": 3.7,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
|
||
},
|
||
"range": ">=0.9.9 <14.2.24"
|
||
},
|
||
{
|
||
"source": 1111391,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next Vulnerable to Denial of Service with Server Components",
|
||
"url": "https://github.com/advisories/GHSA-mwv6-3258-q52c",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-400",
|
||
"CWE-502",
|
||
"CWE-1395"
|
||
],
|
||
"cvss": {
|
||
"score": 7.5,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
|
||
},
|
||
"range": ">=13.3.0 <14.2.34"
|
||
},
|
||
{
|
||
"source": 1112182,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",
|
||
"url": "https://github.com/advisories/GHSA-5j59-xgg2-r9c4",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-400",
|
||
"CWE-502",
|
||
"CWE-1395"
|
||
],
|
||
"cvss": {
|
||
"score": 7.5,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
|
||
},
|
||
"range": ">=13.3.1-canary.0 <14.2.35"
|
||
},
|
||
{
|
||
"source": 1112593,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration",
|
||
"url": "https://github.com/advisories/GHSA-9g9p-9gw9-jx7f",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-400",
|
||
"CWE-770"
|
||
],
|
||
"cvss": {
|
||
"score": 5.9,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
|
||
},
|
||
"range": ">=10.0.0 <15.5.10"
|
||
},
|
||
{
|
||
"source": 1112653,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components",
|
||
"url": "https://github.com/advisories/GHSA-h25m-26qc-wcjf",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-400",
|
||
"CWE-502"
|
||
],
|
||
"cvss": {
|
||
"score": 7.5,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
|
||
},
|
||
"range": ">=13.0.0 <15.0.8"
|
||
},
|
||
{
|
||
"source": 1113689,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Authorization Bypass in Next.js Middleware",
|
||
"url": "https://github.com/advisories/GHSA-f82v-jwr5-mffw",
|
||
"severity": "critical",
|
||
"cwe": [
|
||
"CWE-285",
|
||
"CWE-863"
|
||
],
|
||
"cvss": {
|
||
"score": 9.1,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
|
||
},
|
||
"range": ">=14.0.0 <14.2.25"
|
||
},
|
||
{
|
||
"source": 1114897,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js: HTTP request smuggling in rewrites",
|
||
"url": "https://github.com/advisories/GHSA-ggv3-7p47-pfv8",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-444"
|
||
],
|
||
"cvss": {
|
||
"score": 0,
|
||
"vectorString": null
|
||
},
|
||
"range": ">=9.5.0 <15.5.13"
|
||
},
|
||
{
|
||
"source": 1114940,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js: Unbounded next/image disk cache growth can exhaust storage",
|
||
"url": "https://github.com/advisories/GHSA-3x4c-7xq6-9pq8",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-400"
|
||
],
|
||
"cvss": {
|
||
"score": 0,
|
||
"vectorString": null
|
||
},
|
||
"range": ">=10.0.0 <15.5.14"
|
||
},
|
||
{
|
||
"source": 1116376,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js has a Denial of Service with Server Components",
|
||
"url": "https://github.com/advisories/GHSA-q4gf-8mx6-v5v3",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-770"
|
||
],
|
||
"cvss": {
|
||
"score": 7.5,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
|
||
},
|
||
"range": ">=13.0.0 <15.5.15"
|
||
},
|
||
{
|
||
"source": 1117931,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js Vulnerable to Denial of Service with Server Components",
|
||
"url": "https://github.com/advisories/GHSA-8h8q-6873-q5fj",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-770"
|
||
],
|
||
"cvss": {
|
||
"score": 7.5,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
|
||
},
|
||
"range": ">=13.0.0 <15.5.16"
|
||
},
|
||
{
|
||
"source": 1118942,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js's Middleware / Proxy redirects can be cache-poisoned",
|
||
"url": "https://github.com/advisories/GHSA-3g8h-86w9-wvmq",
|
||
"severity": "low",
|
||
"cwe": [
|
||
"CWE-349"
|
||
],
|
||
"cvss": {
|
||
"score": 3.7,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
|
||
},
|
||
"range": ">=12.2.0 <15.5.16"
|
||
},
|
||
{
|
||
"source": 1118944,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces",
|
||
"url": "https://github.com/advisories/GHSA-ffhc-5mcf-pf4q",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-79"
|
||
],
|
||
"cvss": {
|
||
"score": 4.7,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
|
||
},
|
||
"range": ">=13.4.0 <15.5.16"
|
||
},
|
||
{
|
||
"source": 1118946,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting",
|
||
"url": "https://github.com/advisories/GHSA-vfv6-92ff-j949",
|
||
"severity": "low",
|
||
"cwe": [
|
||
"CWE-328"
|
||
],
|
||
"cvss": {
|
||
"score": 3.7,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
|
||
},
|
||
"range": ">=13.4.6 <15.5.16"
|
||
},
|
||
{
|
||
"source": 1118948,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js has cross-site scripting in beforeInteractive scripts with untrusted input",
|
||
"url": "https://github.com/advisories/GHSA-gx5p-jg67-6x7h",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-79"
|
||
],
|
||
"cvss": {
|
||
"score": 6.1,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
|
||
},
|
||
"range": ">=13.0.0 <15.5.16"
|
||
},
|
||
{
|
||
"source": 1118952,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js has a Denial of Service in the Image Optimization API",
|
||
"url": "https://github.com/advisories/GHSA-h64f-5h5j-jqjh",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-770"
|
||
],
|
||
"cvss": {
|
||
"score": 5.9,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
|
||
},
|
||
"range": ">=10.0.0 <15.5.16"
|
||
},
|
||
{
|
||
"source": 1118954,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades",
|
||
"url": "https://github.com/advisories/GHSA-c4j6-fc7j-m34r",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-918"
|
||
],
|
||
"cvss": {
|
||
"score": 8.6,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
|
||
},
|
||
"range": ">=13.4.13 <15.5.16"
|
||
},
|
||
{
|
||
"source": 1118958,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js vulnerable to cache poisoning in React Server Component responses",
|
||
"url": "https://github.com/advisories/GHSA-wfc6-r584-vfw7",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-436"
|
||
],
|
||
"cvss": {
|
||
"score": 5.4,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L"
|
||
},
|
||
"range": ">=14.2.0 <15.5.16"
|
||
},
|
||
{
|
||
"source": 1118962,
|
||
"name": "next",
|
||
"dependency": "next",
|
||
"title": "Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n",
|
||
"url": "https://github.com/advisories/GHSA-36qx-fr4f-26g5",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-863"
|
||
],
|
||
"cvss": {
|
||
"score": 7.5,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
|
||
},
|
||
"range": ">=12.2.0 <15.5.16"
|
||
},
|
||
"postcss"
|
||
],
|
||
"effects": [],
|
||
"range": "0.9.9 - 16.3.0-canary.5",
|
||
"nodes": [
|
||
"node_modules/next"
|
||
],
|
||
"fixAvailable": {
|
||
"name": "next",
|
||
"version": "14.2.35",
|
||
"isSemVerMajor": false
|
||
}
|
||
},
|
||
"node-cron": {
|
||
"name": "node-cron",
|
||
"severity": "moderate",
|
||
"isDirect": true,
|
||
"via": [
|
||
"uuid"
|
||
],
|
||
"effects": [],
|
||
"range": "3.0.2 - 3.0.3",
|
||
"nodes": [
|
||
"node_modules/node-cron"
|
||
],
|
||
"fixAvailable": {
|
||
"name": "node-cron",
|
||
"version": "4.2.1",
|
||
"isSemVerMajor": true
|
||
}
|
||
},
|
||
"nodemailer": {
|
||
"name": "nodemailer",
|
||
"severity": "high",
|
||
"isDirect": true,
|
||
"via": [
|
||
{
|
||
"source": 1109804,
|
||
"name": "nodemailer",
|
||
"dependency": "nodemailer",
|
||
"title": "Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict",
|
||
"url": "https://github.com/advisories/GHSA-mm7p-fcc7-pg87",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-20",
|
||
"CWE-436"
|
||
],
|
||
"cvss": {
|
||
"score": 0,
|
||
"vectorString": null
|
||
},
|
||
"range": "<7.0.7"
|
||
},
|
||
{
|
||
"source": 1113165,
|
||
"name": "nodemailer",
|
||
"dependency": "nodemailer",
|
||
"title": "Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls",
|
||
"url": "https://github.com/advisories/GHSA-rcmh-qjqh-p98v",
|
||
"severity": "high",
|
||
"cwe": [
|
||
"CWE-703"
|
||
],
|
||
"cvss": {
|
||
"score": 7.5,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
|
||
},
|
||
"range": "<=7.0.10"
|
||
},
|
||
{
|
||
"source": 1115470,
|
||
"name": "nodemailer",
|
||
"dependency": "nodemailer",
|
||
"title": "Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter",
|
||
"url": "https://github.com/advisories/GHSA-c7w3-x93f-qmm8",
|
||
"severity": "low",
|
||
"cwe": [
|
||
"CWE-93"
|
||
],
|
||
"cvss": {
|
||
"score": 0,
|
||
"vectorString": null
|
||
},
|
||
"range": "<8.0.4"
|
||
},
|
||
{
|
||
"source": 1116270,
|
||
"name": "nodemailer",
|
||
"dependency": "nodemailer",
|
||
"title": "Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO) ",
|
||
"url": "https://github.com/advisories/GHSA-vvjj-xcjg-gr5g",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-93"
|
||
],
|
||
"cvss": {
|
||
"score": 4.9,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"
|
||
},
|
||
"range": "<=8.0.4"
|
||
}
|
||
],
|
||
"effects": [],
|
||
"range": "<=8.0.4",
|
||
"nodes": [
|
||
"node_modules/nodemailer"
|
||
],
|
||
"fixAvailable": {
|
||
"name": "nodemailer",
|
||
"version": "8.0.10",
|
||
"isSemVerMajor": true
|
||
}
|
||
},
|
||
"postcss": {
|
||
"name": "postcss",
|
||
"severity": "moderate",
|
||
"isDirect": false,
|
||
"via": [
|
||
{
|
||
"source": 1117015,
|
||
"name": "postcss",
|
||
"dependency": "postcss",
|
||
"title": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
|
||
"url": "https://github.com/advisories/GHSA-qx2v-qp2m-jg93",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-79"
|
||
],
|
||
"cvss": {
|
||
"score": 6.1,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
|
||
},
|
||
"range": "<8.5.10"
|
||
}
|
||
],
|
||
"effects": [
|
||
"next"
|
||
],
|
||
"range": "<8.5.10",
|
||
"nodes": [
|
||
"node_modules/next/node_modules/postcss"
|
||
],
|
||
"fixAvailable": {
|
||
"name": "next",
|
||
"version": "14.2.35",
|
||
"isSemVerMajor": false
|
||
}
|
||
},
|
||
"protobufjs": {
|
||
"name": "protobufjs",
|
||
"severity": "moderate",
|
||
"isDirect": false,
|
||
"via": [
|
||
{
|
||
"source": 1119378,
|
||
"name": "protobufjs",
|
||
"dependency": "protobufjs",
|
||
"title": "protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion",
|
||
"url": "https://github.com/advisories/GHSA-jggg-4jg4-v7c6",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-674"
|
||
],
|
||
"cvss": {
|
||
"score": 5.3,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
|
||
},
|
||
"range": "<=7.5.7"
|
||
}
|
||
],
|
||
"effects": [],
|
||
"range": "<=7.5.7",
|
||
"nodes": [
|
||
"node_modules/protobufjs"
|
||
],
|
||
"fixAvailable": true
|
||
},
|
||
"qs": {
|
||
"name": "qs",
|
||
"severity": "moderate",
|
||
"isDirect": false,
|
||
"via": [
|
||
{
|
||
"source": 1119502,
|
||
"name": "qs",
|
||
"dependency": "qs",
|
||
"title": "qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set",
|
||
"url": "https://github.com/advisories/GHSA-q8mj-m7cp-5q26",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-476"
|
||
],
|
||
"cvss": {
|
||
"score": 5.3,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
|
||
},
|
||
"range": ">=6.11.1 <=6.15.1"
|
||
}
|
||
],
|
||
"effects": [
|
||
"express"
|
||
],
|
||
"range": "6.11.1 - 6.15.1",
|
||
"nodes": [
|
||
"node_modules/body-parser/node_modules/qs",
|
||
"node_modules/qs"
|
||
],
|
||
"fixAvailable": true
|
||
},
|
||
"retry-request": {
|
||
"name": "retry-request",
|
||
"severity": "moderate",
|
||
"isDirect": false,
|
||
"via": [
|
||
"teeny-request"
|
||
],
|
||
"effects": [
|
||
"@google-cloud/storage",
|
||
"google-gax"
|
||
],
|
||
"range": "7.0.0 - 7.0.2",
|
||
"nodes": [
|
||
"node_modules/retry-request"
|
||
],
|
||
"fixAvailable": {
|
||
"name": "firebase-admin",
|
||
"version": "13.10.0",
|
||
"isSemVerMajor": true
|
||
}
|
||
},
|
||
"socket.io-adapter": {
|
||
"name": "socket.io-adapter",
|
||
"severity": "moderate",
|
||
"isDirect": false,
|
||
"via": [
|
||
"ws"
|
||
],
|
||
"effects": [],
|
||
"range": "2.5.2 - 2.5.6",
|
||
"nodes": [
|
||
"node_modules/socket.io-adapter"
|
||
],
|
||
"fixAvailable": true
|
||
},
|
||
"teeny-request": {
|
||
"name": "teeny-request",
|
||
"severity": "moderate",
|
||
"isDirect": false,
|
||
"via": [
|
||
"uuid"
|
||
],
|
||
"effects": [
|
||
"@google-cloud/storage",
|
||
"retry-request"
|
||
],
|
||
"range": "3.9.1 - 9.0.0",
|
||
"nodes": [
|
||
"node_modules/teeny-request"
|
||
],
|
||
"fixAvailable": {
|
||
"name": "firebase-admin",
|
||
"version": "13.10.0",
|
||
"isSemVerMajor": true
|
||
}
|
||
},
|
||
"turbo": {
|
||
"name": "turbo",
|
||
"severity": "moderate",
|
||
"isDirect": true,
|
||
"via": [
|
||
{
|
||
"source": 1119386,
|
||
"name": "turbo",
|
||
"dependency": "turbo",
|
||
"title": "Trubo: Login callback CSRF/session fixation",
|
||
"url": "https://github.com/advisories/GHSA-hcf7-66rw-9f5r",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-352"
|
||
],
|
||
"cvss": {
|
||
"score": 0,
|
||
"vectorString": null
|
||
},
|
||
"range": "<=2.9.13"
|
||
},
|
||
{
|
||
"source": 1119389,
|
||
"name": "turbo",
|
||
"dependency": "turbo",
|
||
"title": "Turbo: Unexpected local code execution during Yarn Berry detection",
|
||
"url": "https://github.com/advisories/GHSA-3qcw-2rhx-2726",
|
||
"severity": "low",
|
||
"cwe": [
|
||
"CWE-426"
|
||
],
|
||
"cvss": {
|
||
"score": 9.8,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
|
||
},
|
||
"range": ">=1.1.0 <2.9.14"
|
||
}
|
||
],
|
||
"effects": [],
|
||
"range": "<=2.9.13-canary.1",
|
||
"nodes": [
|
||
"node_modules/turbo"
|
||
],
|
||
"fixAvailable": {
|
||
"name": "turbo",
|
||
"version": "2.9.16",
|
||
"isSemVerMajor": true
|
||
}
|
||
},
|
||
"uuid": {
|
||
"name": "uuid",
|
||
"severity": "moderate",
|
||
"isDirect": false,
|
||
"via": [
|
||
{
|
||
"source": 1119441,
|
||
"name": "uuid",
|
||
"dependency": "uuid",
|
||
"title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
|
||
"url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-787",
|
||
"CWE-1285"
|
||
],
|
||
"cvss": {
|
||
"score": 7.5,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
|
||
},
|
||
"range": "<11.1.1"
|
||
}
|
||
],
|
||
"effects": [
|
||
"@google-cloud/storage",
|
||
"firebase-admin",
|
||
"gaxios",
|
||
"google-gax",
|
||
"node-cron",
|
||
"teeny-request"
|
||
],
|
||
"range": "<11.1.1",
|
||
"nodes": [
|
||
"node_modules/@google-cloud/storage/node_modules/uuid",
|
||
"node_modules/gaxios/node_modules/uuid",
|
||
"node_modules/google-gax/node_modules/uuid",
|
||
"node_modules/node-cron/node_modules/uuid",
|
||
"node_modules/teeny-request/node_modules/uuid",
|
||
"node_modules/uuid"
|
||
],
|
||
"fixAvailable": {
|
||
"name": "node-cron",
|
||
"version": "4.2.1",
|
||
"isSemVerMajor": true
|
||
}
|
||
},
|
||
"vite": {
|
||
"name": "vite",
|
||
"severity": "moderate",
|
||
"isDirect": false,
|
||
"via": [
|
||
{
|
||
"source": 1116229,
|
||
"name": "vite",
|
||
"dependency": "vite",
|
||
"title": "Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
|
||
"url": "https://github.com/advisories/GHSA-4w7w-66w2-5vf9",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-22",
|
||
"CWE-200"
|
||
],
|
||
"cvss": {
|
||
"score": 0,
|
||
"vectorString": null
|
||
},
|
||
"range": "<=6.4.1"
|
||
},
|
||
"esbuild"
|
||
],
|
||
"effects": [
|
||
"vite-node",
|
||
"vitest"
|
||
],
|
||
"range": "<=6.4.1",
|
||
"nodes": [
|
||
"node_modules/vite"
|
||
],
|
||
"fixAvailable": {
|
||
"name": "vitest",
|
||
"version": "4.1.8",
|
||
"isSemVerMajor": true
|
||
}
|
||
},
|
||
"vite-node": {
|
||
"name": "vite-node",
|
||
"severity": "moderate",
|
||
"isDirect": false,
|
||
"via": [
|
||
"vite"
|
||
],
|
||
"effects": [
|
||
"vitest"
|
||
],
|
||
"range": "<=2.2.0-beta.2",
|
||
"nodes": [
|
||
"node_modules/vite-node"
|
||
],
|
||
"fixAvailable": {
|
||
"name": "vitest",
|
||
"version": "4.1.8",
|
||
"isSemVerMajor": true
|
||
}
|
||
},
|
||
"vitest": {
|
||
"name": "vitest",
|
||
"severity": "critical",
|
||
"isDirect": true,
|
||
"via": [
|
||
{
|
||
"source": 1120011,
|
||
"name": "vitest",
|
||
"dependency": "vitest",
|
||
"title": "When Vitest UI server is listening, arbitrary file can be read and executed",
|
||
"url": "https://github.com/advisories/GHSA-5xrq-8626-4rwp",
|
||
"severity": "critical",
|
||
"cwe": [
|
||
"CWE-862"
|
||
],
|
||
"cvss": {
|
||
"score": 9.8,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
|
||
},
|
||
"range": "<4.1.0"
|
||
},
|
||
"vite",
|
||
"vite-node"
|
||
],
|
||
"effects": [],
|
||
"range": "<=4.1.0-beta.6",
|
||
"nodes": [
|
||
"node_modules/vitest"
|
||
],
|
||
"fixAvailable": {
|
||
"name": "vitest",
|
||
"version": "4.1.8",
|
||
"isSemVerMajor": true
|
||
}
|
||
},
|
||
"ws": {
|
||
"name": "ws",
|
||
"severity": "moderate",
|
||
"isDirect": false,
|
||
"via": [
|
||
{
|
||
"source": 1119108,
|
||
"name": "ws",
|
||
"dependency": "ws",
|
||
"title": "ws: Uninitialized memory disclosure",
|
||
"url": "https://github.com/advisories/GHSA-58qx-3vcg-4xpx",
|
||
"severity": "moderate",
|
||
"cwe": [
|
||
"CWE-908"
|
||
],
|
||
"cvss": {
|
||
"score": 4.4,
|
||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"
|
||
},
|
||
"range": ">=8.0.0 <8.20.1"
|
||
}
|
||
],
|
||
"effects": [
|
||
"engine.io",
|
||
"engine.io-client",
|
||
"socket.io-adapter"
|
||
],
|
||
"range": "8.0.0 - 8.20.0",
|
||
"nodes": [
|
||
"node_modules/ws"
|
||
],
|
||
"fixAvailable": true
|
||
}
|
||
},
|
||
"metadata": {
|
||
"vulnerabilities": {
|
||
"info": 0,
|
||
"low": 1,
|
||
"moderate": 21,
|
||
"high": 4,
|
||
"critical": 2,
|
||
"total": 28
|
||
},
|
||
"dependencies": {
|
||
"prod": 515,
|
||
"dev": 248,
|
||
"optional": 167,
|
||
"peer": 1,
|
||
"peerOptional": 0,
|
||
"total": 874
|
||
}
|
||
}
|
||
}
|