PMM-12377 Custom Labels #682
Security Report
10 new vulnerabilities were introduced in this branch.
❌ New vulnerabilities:
| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
| CVE-2023-26136; Path to dependency file: /package.json; Path to vulnerable library: /.yarn/cache/tough-cookie-npm-4.0.0-7c5f3086af-0891b37eb7.zip; Dependency Hierarchy: -> toolkit-9.2.20.tgz (Root Library) -> core-27.5.1.tgz -> jest-config-27.5.1.tgz -> jest-environment-jsdom-27.5.1.tgz -> jsdom-16.7.0.tgz -> ❌ tough-cookie-4.0.0.tgz (Vulnerable Library) | Critical | 9.8 | tough-cookie-4.0.0.tgz | Upgrade to version: tough-cookie - 4.1.3 | None |
| CVE-2023-26136; Path to dependency file: /package.json; Path to vulnerable library: /.yarn/cache/tough-cookie-npm-2.5.0-79a2fe43fe-16a8cd0902.zip; Dependency Hierarchy: -> e2e-9.2.20.tgz (Root Library) -> cypress-9.5.1.tgz -> request-2.88.10.tgz -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library) | Critical | 9.8 | tough-cookie-2.5.0.tgz | Upgrade to version: tough-cookie - 4.1.3 | None |
| CVE-2022-41721; Dependency Hierarchy: -> google.golang.org/api-v0.74.0 (Root Library) -> ❌ golang.org/x/net-v0.0.0-20220909164309-bea034e7d591 (Vulnerable Library) | High | 7.5 | golang.org/x/net-v0.0.0-20220909164309-bea034e7d591 | Upgrade to version: v0.2.0 | None |
| CVE-2019-0205; Dependency Hierarchy: -> ❌ github.com/cortexproject/cortex-v1.10.1-0.20211014125347-85c378182d0d (Vulnerable Library) | High | 7.5 | github.com/cortexproject/cortex-v1.10.1-0.20211014125347-85c378182d0d | Upgrade to version: org.apache.thrift:libthrift:0.13.0 | None |
| CVE-2020-15113; Dependency Hierarchy: -> ❌ github.com/cortexproject/cortex-v1.10.1-0.20211014125347-85c378182d0d (Vulnerable Library) | High | 7.1 | github.com/cortexproject/cortex-v1.10.1-0.20211014125347-85c378182d0d | Upgrade to version: 3.4.10, 3.3.23 | None |
| CVE-2020-15113; Dependency Hierarchy: -> ❌ github.com/prometheus/prometheus-v1.8.2-0.20211011171444-354d8d2ecfac (Vulnerable Library) | High | 7.1 | github.com/prometheus/prometheus-v1.8.2-0.20211011171444-354d8d2ecfac | Upgrade to version: 3.4.10, 3.3.23 | None |
| CVE-2020-15112; Dependency Hierarchy: -> ❌ github.com/cortexproject/cortex-v1.10.1-0.20211014125347-85c378182d0d (Vulnerable Library) | Medium | 6.5 | github.com/cortexproject/cortex-v1.10.1-0.20211014125347-85c378182d0d | Upgrade to version: 3.4.10, 3.3.23 | None |
| | Medium | 6.1 | github.com/magefile/mage-v1.13.0 | Upgrade to version: jquery - 3.5.0;jquery-rails - 4.4.0 | None |
| | Medium | 6.1 | github.com/magefile/mage-v1.13.0 | Upgrade to version: jQuery - 3.5.0 | None |
| | Medium | 6.1 | github.com/magefile/mage-v1.13.0 | Upgrade to version: jquery - 3.4.0 | None |
Base branch total remaining vulnerabilities: 42
Base branch commit: 1a38b24d5978e005ca62f287574e85c6b55bf481
Total libraries scanned: 2171
Scan token: c5c2c9c1cf984415a0ace80a64c44065