Update dependency async to ^3.2.6 #248
Security Report
| CVE | Severity |  CVSS Score |
Exploit Maturity | EPSS | Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|---|---|
CVE-2019-10744Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ lodash-4.17.11.tgz (Vulnerable Library) |
 Critical |
9.1 | Not Defined | 2.1% | lodash-4.17.11.tgz | Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 | None |
CVE-2021-43138Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> couchbase-driver-0.5.2.tgz (Root Library) -> ❌ async-2.6.2.tgz (Vulnerable Library) |
 High |
7.8 | Not Defined | 0.2% | async-2.6.2.tgz | Upgrade to version: async - 2.6.4,3.2.2 | None |
CVE-2020-8203Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ lodash-4.17.11.tgz (Vulnerable Library) |
High |
7.4 | Not Defined | 1.7% | lodash-4.17.11.tgz | Upgrade to version: lodash - 4.17.19 | None |
CVE-2021-23337Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ lodash-4.17.11.tgz (Vulnerable Library) |
High |
7.2 | Proof of concept | 0.9% | lodash-4.17.11.tgz | Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 | None |
CVE-2021-23438Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ mpath-0.6.0.tgz (Vulnerable Library) |
 Medium |
5.6 | Proof of concept | 0.6% | mpath-0.6.0.tgz | Upgrade to version: mpath - 0.8.4 | None |
CVE-2022-25883Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> couchbase-driver-0.5.2.tgz (Root Library) -> ❌ semver-5.7.0.tgz (Vulnerable Library) |
Medium |
5.3 | Proof of concept | 0.2% | semver-5.7.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
CVE-2020-28500Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ lodash-4.17.11.tgz (Vulnerable Library) |
Medium |
5.3 | Proof of concept | 0.2% | lodash-4.17.11.tgz | Upgrade to version: lodash - 4.17.21 | None |
CVE-2017-16137Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> couchbase-driver-0.5.2.tgz (Root Library) -> ❌ debug-3.2.6.tgz (Vulnerable Library) |
 Low |
3.7 | Not Defined | 0.3% | debug-3.2.6.tgz | Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1 | None |
CVE-2017-16137Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ debug-4.1.1.tgz (Vulnerable Library) |
Low |
3.7 | Not Defined | 0.3% | debug-4.1.1.tgz | Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1 | None |
CVE-2024-27088Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> memoizee-0.4.14.tgz (Root Library) -> ❌ es5-ext-0.10.50.tgz (Vulnerable Library) |
Low |
0.0 | Not Defined | 0.0% | es5-ext-0.10.50.tgz | Upgrade to version: es5-ext - 0.10.63 | None |
Total libraries scanned: 29
Scan token: e140b493bfde4580a98b0d863bf1d0d6