npm vulnerabilities

Known vulnerabilities in the npm package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Resource Exhaustion	<1:10.7.0-1.18.20.4.1.module+el9.4.0+22195+c221878e
M Incorrect Permission Assignment for Critical Resource	<1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127
M CVE-2024-22020	<1:10.7.0-1.18.20.4.1.module+el9.4.0+22195+c221878e
M CVE-2024-22018	<1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127
H HTTP Request Smuggling	<1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7
H Detection of Error Condition Without Action	<1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7
H Resource Exhaustion	<1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7
H Resource Exhaustion	<1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7
H Buffer Under-read	<1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7
H Improper Privilege Management	<1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a
M Incomplete Documentation	<1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a
M Directory Traversal	<1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a
H Directory Traversal	<1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a
H Resource Exhaustion	<1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a
H Arbitrary Code Injection	<1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a
H Covert Timing Channel	<1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a
M Server-Side Request Forgery (SSRF)	*
H Information Exposure	<1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5
H Improper Validation of Integrity Check Value	<1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5
L Arbitrary Code Injection	<1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5
H Directory Traversal	<1:10.1.0-1.20.9.0.1.module+el9.3.0.z+20633+3a660725
H Resource Exhaustion	<1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5
H Arbitrary Code Injection	<1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0
H Information Exposure	<1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0
H Information Exposure	<1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0
H Inefficient Regular Expression Complexity	<1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0
M CVE-2023-30588	<1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07
M CVE-2023-30589	<1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07
M CVE-2023-30581	<1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07
M CVE-2023-30590	<1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07
H Out-of-bounds Write	<1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395
H Use of Insufficiently Random Values	<1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395
H Resource Exhaustion	<1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395
H Use of Insufficiently Random Values	<1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395
M Inefficient Regular Expression Complexity	<1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c
M CRLF Injection	<1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c
M Untrusted Search Path	<1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c
M CVE-2023-23919	<1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c
M Incorrect Authorization	<1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c
M Improper Input Validation	<1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c
M Inefficient Regular Expression Complexity	<1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c
M Resource Exhaustion	<1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c
M Reliance on Reverse DNS Resolution for a Security-Critical Action	<1:8.19.2-1.18.12.1.1.module+el9.1.0.z+17326+318294bb
M Inefficient Regular Expression Complexity	<1:8.19.2-1.18.12.1.1.module+el9.1.0.z+17326+318294bb
H Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	<1:8.15.0-1.16.17.1.1.el9_0
M HTTP Request Smuggling	<1:8.19.2-1.16.18.1.3.el9_1
M HTTP Request Smuggling	<1:8.11.0-1.16.16.0.1.el9_0
M HTTP Request Smuggling	<1:8.11.0-1.16.16.0.1.el9_0
M Improper Check or Handling of Exceptional Conditions	<1:8.11.0-1.16.16.0.1.el9_0
M HTTP Request Smuggling	<1:8.11.0-1.16.16.0.1.el9_0
M Open Redirect	<1:8.11.0-1.16.16.0.1.el9_0
M Improper Cross-boundary Removal of Sensitive Data	<1:8.11.0-1.16.16.0.1.el9_0
M Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<1:8.19.2-1.16.18.1.3.el9_1
M Resource Exhaustion	<1:8.11.0-1.16.16.0.1.el9_0
M Resource Exhaustion	<1:8.11.0-1.16.16.0.1.el9_0
M Resource Exhaustion	<1:8.11.0-1.16.16.0.1.el9_0
M Allocation of Resources Without Limits or Throttling	*
M Resource Exhaustion	<1:8.11.0-1.16.16.0.1.el9_0

Vulnerability

Vulnerable Version

Resource Exhaustion

<1:10.7.0-1.18.20.4.1.module+el9.4.0+22195+c221878e

Incorrect Permission Assignment for Critical Resource

<1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127

CVE-2024-22020

<1:10.7.0-1.18.20.4.1.module+el9.4.0+22195+c221878e

CVE-2024-22018

<1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127

HTTP Request Smuggling

<1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7

Detection of Error Condition Without Action

<1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7

Resource Exhaustion

<1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7

Resource Exhaustion

<1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7

Buffer Under-read

<1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7

Improper Privilege Management

<1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a

Incomplete Documentation

<1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a

Directory Traversal

<1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a

Directory Traversal

<1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a

Resource Exhaustion

<1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a

Arbitrary Code Injection

<1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a

Covert Timing Channel

<1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a

Server-Side Request Forgery (SSRF)

Information Exposure

<1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5

Improper Validation of Integrity Check Value

<1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5

Arbitrary Code Injection

<1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5

Directory Traversal

<1:10.1.0-1.20.9.0.1.module+el9.3.0.z+20633+3a660725

Resource Exhaustion

<1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5

Arbitrary Code Injection

<1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0

Information Exposure

<1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0

Information Exposure

<1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0

Inefficient Regular Expression Complexity

<1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0

CVE-2023-30588

<1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07

CVE-2023-30589

<1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07

CVE-2023-30581

<1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07

CVE-2023-30590

<1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07

Out-of-bounds Write

<1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395

Use of Insufficiently Random Values

<1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395

Resource Exhaustion

<1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395

Use of Insufficiently Random Values

<1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395

Inefficient Regular Expression Complexity