snyk_docker.txt

Testing typescript-e-commerce:dev...

✗ Low severity vulnerability found in openssl/libcrypto1.1
  Description: Inadequate Encryption Strength
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1075739
  Introduced through: openssl/libcrypto1.1@1.1.1d-r3, openssl/libssl1.1@1.1.1d-r3, apk-tools/apk-tools@2.10.4-r3, libtls-standalone/libtls-standalone@2.9.1-r0
  From: openssl/libcrypto1.1@1.1.1d-r3
  From: openssl/libssl1.1@1.1.1d-r3 > openssl/libcrypto1.1@1.1.1d-r3
  From: apk-tools/apk-tools@2.10.4-r3 > openssl/libcrypto1.1@1.1.1d-r3
  and 4 more...
  Fixed in: 1.1.1j-r0

✗ Medium severity vulnerability found in openssl/libcrypto1.1
  Description: NULL Pointer Dereference
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1051931
  Introduced through: openssl/libcrypto1.1@1.1.1d-r3, openssl/libssl1.1@1.1.1d-r3, apk-tools/apk-tools@2.10.4-r3, libtls-standalone/libtls-standalone@2.9.1-r0
  From: openssl/libcrypto1.1@1.1.1d-r3
  From: openssl/libssl1.1@1.1.1d-r3 > openssl/libcrypto1.1@1.1.1d-r3
  From: apk-tools/apk-tools@2.10.4-r3 > openssl/libcrypto1.1@1.1.1d-r3
  and 4 more...
  Fixed in: 1.1.1i-r0

✗ Medium severity vulnerability found in openssl/libcrypto1.1
  Description: NULL Pointer Dereference
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1075737
  Introduced through: openssl/libcrypto1.1@1.1.1d-r3, openssl/libssl1.1@1.1.1d-r3, apk-tools/apk-tools@2.10.4-r3, libtls-standalone/libtls-standalone@2.9.1-r0
  From: openssl/libcrypto1.1@1.1.1d-r3
  From: openssl/libssl1.1@1.1.1d-r3 > openssl/libcrypto1.1@1.1.1d-r3
  From: apk-tools/apk-tools@2.10.4-r3 > openssl/libcrypto1.1@1.1.1d-r3
  and 4 more...
  Fixed in: 1.1.1j-r0

✗ Medium severity vulnerability found in openssl/libcrypto1.1
  Description: NULL Pointer Dereference
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1089241
  Introduced through: openssl/libcrypto1.1@1.1.1d-r3, openssl/libssl1.1@1.1.1d-r3, apk-tools/apk-tools@2.10.4-r3, libtls-standalone/libtls-standalone@2.9.1-r0
  From: openssl/libcrypto1.1@1.1.1d-r3
  From: openssl/libssl1.1@1.1.1d-r3 > openssl/libcrypto1.1@1.1.1d-r3
  From: apk-tools/apk-tools@2.10.4-r3 > openssl/libcrypto1.1@1.1.1d-r3
  and 4 more...
  Fixed in: 1.1.1k-r0

✗ Medium severity vulnerability found in musl/musl
  Description: Out-of-bounds Write
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-MUSL-1042763
  Introduced through: musl/musl@1.1.24-r2, busybox/busybox@1.31.1-r9, alpine-baselayout/alpine-baselayout@3.2.0-r3, openssl/libcrypto1.1@1.1.1d-r3, openssl/libssl1.1@1.1.1d-r3, zlib/zlib@1.2.11-r3, apk-tools/apk-tools@2.10.4-r3, libtls-standalone/libtls-standalone@2.9.1-r0, busybox/ssl_client@1.31.1-r9, gcc/libgcc@9.2.0-r4, musl/musl-utils@1.1.24-r2, pax-utils/scanelf@1.2.4-r0, libc-dev/libc-utils@0.7.2-r0
  From: musl/musl@1.1.24-r2
  From: busybox/busybox@1.31.1-r9 > musl/musl@1.1.24-r2
  From: alpine-baselayout/alpine-baselayout@3.2.0-r3 > musl/musl@1.1.24-r2
  and 12 more...
  Fixed in: 1.1.24-r3

✗ Medium severity vulnerability found in busybox/busybox
  Description: Out-of-bounds Read
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-BUSYBOX-1920721
  Introduced through: busybox/busybox@1.31.1-r9, alpine-baselayout/alpine-baselayout@3.2.0-r3, busybox/ssl_client@1.31.1-r9
  From: busybox/busybox@1.31.1-r9
  From: alpine-baselayout/alpine-baselayout@3.2.0-r3 > busybox/busybox@1.31.1-r9
  From: busybox/ssl_client@1.31.1-r9
  Fixed in: 1.31.1-r11

✗ High severity vulnerability found in openssl/libcrypto1.1
  Description: Integer Overflow or Wraparound
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1075738
  Introduced through: openssl/libcrypto1.1@1.1.1d-r3, openssl/libssl1.1@1.1.1d-r3, apk-tools/apk-tools@2.10.4-r3, libtls-standalone/libtls-standalone@2.9.1-r0
  From: openssl/libcrypto1.1@1.1.1d-r3
  From: openssl/libssl1.1@1.1.1d-r3 > openssl/libcrypto1.1@1.1.1d-r3
  From: apk-tools/apk-tools@2.10.4-r3 > openssl/libcrypto1.1@1.1.1d-r3
  and 4 more...
  Fixed in: 1.1.1j-r0

✗ High severity vulnerability found in openssl/libcrypto1.1
  Description: Improper Certificate Validation
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1089242
  Introduced through: openssl/libcrypto1.1@1.1.1d-r3, openssl/libssl1.1@1.1.1d-r3, apk-tools/apk-tools@2.10.4-r3, libtls-standalone/libtls-standalone@2.9.1-r0
  From: openssl/libcrypto1.1@1.1.1d-r3
  From: openssl/libssl1.1@1.1.1d-r3 > openssl/libcrypto1.1@1.1.1d-r3
  From: apk-tools/apk-tools@2.10.4-r3 > openssl/libcrypto1.1@1.1.1d-r3
  and 4 more...
  Fixed in: 1.1.1k-r0

✗ High severity vulnerability found in openssl/libcrypto1.1
  Description: Out-of-bounds Read
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1569447
  Introduced through: openssl/libcrypto1.1@1.1.1d-r3, openssl/libssl1.1@1.1.1d-r3, apk-tools/apk-tools@2.10.4-r3, libtls-standalone/libtls-standalone@2.9.1-r0
  From: openssl/libcrypto1.1@1.1.1d-r3
  From: openssl/libssl1.1@1.1.1d-r3 > openssl/libcrypto1.1@1.1.1d-r3
  From: apk-tools/apk-tools@2.10.4-r3 > openssl/libcrypto1.1@1.1.1d-r3
  and 4 more...
  Fixed in: 1.1.1l-r0

✗ High severity vulnerability found in openssl/libcrypto1.1
  Description: NULL Pointer Dereference
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-OPENSSL-587980
  Introduced through: openssl/libcrypto1.1@1.1.1d-r3, openssl/libssl1.1@1.1.1d-r3, apk-tools/apk-tools@2.10.4-r3, libtls-standalone/libtls-standalone@2.9.1-r0
  From: openssl/libcrypto1.1@1.1.1d-r3
  From: openssl/libssl1.1@1.1.1d-r3 > openssl/libcrypto1.1@1.1.1d-r3
  From: apk-tools/apk-tools@2.10.4-r3 > openssl/libcrypto1.1@1.1.1d-r3
  and 4 more...
  Fixed in: 1.1.1g-r0

✗ High severity vulnerability found in gcc/libstdc++
  Description: Insufficient Entropy
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-GCC-598616
  Introduced through: gcc/libstdc++@9.2.0-r4, gcc/libgcc@9.2.0-r4
  From: gcc/libstdc++@9.2.0-r4
  From: gcc/libgcc@9.2.0-r4 > gcc/libstdc++@9.2.0-r4
  From: gcc/libgcc@9.2.0-r4
  Fixed in: 9.3.0-r0

✗ High severity vulnerability found in busybox/busybox
  Description: Improper Handling of Exceptional Conditions
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-BUSYBOX-1090152
  Introduced through: busybox/busybox@1.31.1-r9, alpine-baselayout/alpine-baselayout@3.2.0-r3, busybox/ssl_client@1.31.1-r9
  From: busybox/busybox@1.31.1-r9
  From: alpine-baselayout/alpine-baselayout@3.2.0-r3 > busybox/busybox@1.31.1-r9
  From: busybox/ssl_client@1.31.1-r9
  Fixed in: 1.31.1-r10

✗ High severity vulnerability found in busybox/busybox
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-BUSYBOX-1920714
  Introduced through: busybox/busybox@1.31.1-r9, alpine-baselayout/alpine-baselayout@3.2.0-r3, busybox/ssl_client@1.31.1-r9
  From: busybox/busybox@1.31.1-r9
  From: alpine-baselayout/alpine-baselayout@3.2.0-r3 > busybox/busybox@1.31.1-r9
  From: busybox/ssl_client@1.31.1-r9
  Fixed in: 1.31.1-r11

✗ High severity vulnerability found in busybox/busybox
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-BUSYBOX-1920716
  Introduced through: busybox/busybox@1.31.1-r9, alpine-baselayout/alpine-baselayout@3.2.0-r3, busybox/ssl_client@1.31.1-r9
  From: busybox/busybox@1.31.1-r9
  From: alpine-baselayout/alpine-baselayout@3.2.0-r3 > busybox/busybox@1.31.1-r9
  From: busybox/ssl_client@1.31.1-r9
  Fixed in: 1.31.1-r11

✗ High severity vulnerability found in busybox/busybox
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-BUSYBOX-1920723
  Introduced through: busybox/busybox@1.31.1-r9, alpine-baselayout/alpine-baselayout@3.2.0-r3, busybox/ssl_client@1.31.1-r9
  From: busybox/busybox@1.31.1-r9
  From: alpine-baselayout/alpine-baselayout@3.2.0-r3 > busybox/busybox@1.31.1-r9
  From: busybox/ssl_client@1.31.1-r9
  Fixed in: 1.31.1-r11

✗ High severity vulnerability found in busybox/busybox
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-BUSYBOX-1920724
  Introduced through: busybox/busybox@1.31.1-r9, alpine-baselayout/alpine-baselayout@3.2.0-r3, busybox/ssl_client@1.31.1-r9
  From: busybox/busybox@1.31.1-r9
  From: alpine-baselayout/alpine-baselayout@3.2.0-r3 > busybox/busybox@1.31.1-r9
  From: busybox/ssl_client@1.31.1-r9
  Fixed in: 1.31.1-r11

✗ High severity vulnerability found in busybox/busybox
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-BUSYBOX-1920740
  Introduced through: busybox/busybox@1.31.1-r9, alpine-baselayout/alpine-baselayout@3.2.0-r3, busybox/ssl_client@1.31.1-r9
  From: busybox/busybox@1.31.1-r9
  From: alpine-baselayout/alpine-baselayout@3.2.0-r3 > busybox/busybox@1.31.1-r9
  From: busybox/ssl_client@1.31.1-r9
  Fixed in: 1.31.1-r11

✗ High severity vulnerability found in busybox/busybox
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-BUSYBOX-1920741
  Introduced through: busybox/busybox@1.31.1-r9, alpine-baselayout/alpine-baselayout@3.2.0-r3, busybox/ssl_client@1.31.1-r9
  From: busybox/busybox@1.31.1-r9
  From: alpine-baselayout/alpine-baselayout@3.2.0-r3 > busybox/busybox@1.31.1-r9
  From: busybox/ssl_client@1.31.1-r9
  Fixed in: 1.31.1-r11

✗ High severity vulnerability found in busybox/busybox
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-BUSYBOX-1920749
  Introduced through: busybox/busybox@1.31.1-r9, alpine-baselayout/alpine-baselayout@3.2.0-r3, busybox/ssl_client@1.31.1-r9
  From: busybox/busybox@1.31.1-r9
  From: alpine-baselayout/alpine-baselayout@3.2.0-r3 > busybox/busybox@1.31.1-r9
  From: busybox/ssl_client@1.31.1-r9
  Fixed in: 1.31.1-r11

✗ High severity vulnerability found in busybox/busybox
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-BUSYBOX-1920753
  Introduced through: busybox/busybox@1.31.1-r9, alpine-baselayout/alpine-baselayout@3.2.0-r3, busybox/ssl_client@1.31.1-r9
  From: busybox/busybox@1.31.1-r9
  From: alpine-baselayout/alpine-baselayout@3.2.0-r3 > busybox/busybox@1.31.1-r9
  From: busybox/ssl_client@1.31.1-r9
  Fixed in: 1.31.1-r11

✗ High severity vulnerability found in busybox/busybox
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-BUSYBOX-1920756
  Introduced through: busybox/busybox@1.31.1-r9, alpine-baselayout/alpine-baselayout@3.2.0-r3, busybox/ssl_client@1.31.1-r9
  From: busybox/busybox@1.31.1-r9
  From: alpine-baselayout/alpine-baselayout@3.2.0-r3 > busybox/busybox@1.31.1-r9
  From: busybox/ssl_client@1.31.1-r9
  Fixed in: 1.31.1-r11

✗ High severity vulnerability found in apk-tools/apk-tools
  Description: Out-of-bounds Read
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-APKTOOLS-1246343
  Introduced through: apk-tools/apk-tools@2.10.4-r3
  From: apk-tools/apk-tools@2.10.4-r3
  Fixed in: 2.10.6-r0

✗ Critical severity vulnerability found in zlib/zlib
  Description: Out-of-bounds Write
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-ZLIB-2977081
  Introduced through: zlib/zlib@1.2.11-r3, apk-tools/apk-tools@2.10.4-r3
  From: zlib/zlib@1.2.11-r3
  From: apk-tools/apk-tools@2.10.4-r3 > zlib/zlib@1.2.11-r3
  Fixed in: 1.2.11-r4

✗ Critical severity vulnerability found in openssl/libcrypto1.1
  Description: Buffer Overflow
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1569451
  Introduced through: openssl/libcrypto1.1@1.1.1d-r3, openssl/libssl1.1@1.1.1d-r3, apk-tools/apk-tools@2.10.4-r3, libtls-standalone/libtls-standalone@2.9.1-r0
  From: openssl/libcrypto1.1@1.1.1d-r3
  From: openssl/libssl1.1@1.1.1d-r3 > openssl/libcrypto1.1@1.1.1d-r3
  From: apk-tools/apk-tools@2.10.4-r3 > openssl/libcrypto1.1@1.1.1d-r3
  and 4 more...
  Fixed in: 1.1.1l-r0

✗ Critical severity vulnerability found in apk-tools/apk-tools
  Description: Out-of-bounds Read
  Info: https://security.snyk.io/vuln/SNYK-ALPINE311-APKTOOLS-1534687
  Introduced through: apk-tools/apk-tools@2.10.4-r3
  From: apk-tools/apk-tools@2.10.4-r3
  Fixed in: 2.10.7-r0

------------ Detected 17 vulnerabilities for node@13.12.0 ------------ 


✗ Low severity vulnerability found in node
  Description: Improper Input Validation
  Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-1540539
  Introduced through: node@13.12.0
  From: node@13.12.0
  Fixed in: 14.17.5

✗ Medium severity vulnerability found in node
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-1055471
  Introduced through: node@13.12.0
  From: node@13.12.0
  Fixed in: 14.15.4

✗ Medium severity vulnerability found in node
  Description: NULL Pointer Dereference
  Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-1243766
  Introduced through: node@13.12.0
  From: node@13.12.0
  Fixed in: 14.16.1

✗ Medium severity vulnerability found in node
  Description: Improper Input Validation
  Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-1540538
  Introduced through: node@13.12.0
  From: node@13.12.0
  Fixed in: 14.17.5

✗ Medium severity vulnerability found in node
  Description: HTTP Request Smuggling
  Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-1731310
  Introduced through: node@13.12.0
  From: node@13.12.0
  Fixed in: 14.18.1

✗ Medium severity vulnerability found in node
  Description: HTTP Request Smuggling
  Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-1731312
  Introduced through: node@13.12.0
  From: node@13.12.0
  Fixed in: 14.18.1

✗ Medium severity vulnerability found in node
  Description: DNS Rebinding
  Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-2946423
  Introduced through: node@13.12.0
  From: node@13.12.0
  Fixed in: 14.20.0, 16.16.0, 18.5.0

✗ Medium severity vulnerability found in node
  Description: HTTP Request Smuggling
  Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-2946427
  Introduced through: node@13.12.0
  From: node@13.12.0
  Fixed in: 14.20.0, 16.16.0, 18.5.0

✗ Medium severity vulnerability found in node
  Description: HTTP Request Smuggling
  Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-2946428
  Introduced through: node@13.12.0
  From: node@13.12.0
  Fixed in: 14.20.0, 16.16.0, 18.5.0

✗ Medium severity vulnerability found in node
  Description: HTTP Request Smuggling
  Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-2946723
  Introduced through: node@13.12.0
  From: node@13.12.0
  Fixed in: 14.20.0, 16.16.0, 18.5.0

✗ Medium severity vulnerability found in node
  Description: DLL Hijacking
  Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-2946727
  Introduced through: node@13.12.0
  From: node@13.12.0
  Fixed in: 14.20.0, 16.16.0, 18.5.0

✗ Medium severity vulnerability found in node
  Description: Information Exposure
  Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-2946729
  Introduced through: node@13.12.0
  From: node@13.12.0
  Fixed in: 14.20.0, 16.16.0, 18.5.0

✗ High severity vulnerability found in node
  Description: HTTP Request Smuggling
  Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-1055465
  Introduced through: node@13.12.0
  From: node@13.12.0
  Fixed in: 14.15.4

✗ High severity vulnerability found in node
  Description: Improper Certificate Validation
  Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-1243765
  Introduced through: node@13.12.0
  From: node@13.12.0
  Fixed in: 14.16.1

✗ High severity vulnerability found in node
  Description: Privilege Escalation
  Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-1315789
  Introduced through: node@13.12.0
  From: node@13.12.0
  Fixed in: 14.17.2

✗ High severity vulnerability found in node
  Description: Out-of-bounds Read
  Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-1315790
  Introduced through: node@13.12.0
  From: node@13.12.0
  Fixed in: 14.17.2

✗ High severity vulnerability found in node
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-1540540
  Introduced through: node@13.12.0
  From: node@13.12.0
  Fixed in: 14.17.5

Organization:      matthewhaneburger
Package manager:   apk
Project name:      docker-image|typescript-e-commerce
Docker image:      typescript-e-commerce:dev
Platform:          linux/amd64
Base image:        node:13.12-alpine
Licenses:          enabled

Tested 16 dependencies for known issues, found 42 issues.

Base Image         Vulnerabilities  Severity
node:13.12-alpine  42               3 critical, 21 high, 16 medium, 2 low

Recommendations for base image upgrade:

Major upgrades
Base Image      Vulnerabilities  Severity
node:18-alpine  0                0 critical, 0 high, 0 medium, 0 low

Alternative image types
Base Image                  Vulnerabilities  Severity
node:16-bullseye-slim       46               1 critical, 2 high, 0 medium, 43 low
node:current-bullseye-slim  46               1 critical, 2 high, 0 medium, 43 low
node:current-buster-slim    72               1 critical, 2 high, 0 medium, 69 low

Alpine 3.11.5 is no longer supported by the Alpine maintainers. Vulnerability detection may be affected by a lack of security updates.

-------------------------------------------------------

Testing typescript-e-commerce:dev...

Tested 1348 dependencies for known issues, found 24 issues.


Issues with no direct upgrade or patch:
  ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AJV-584908] in ajv@5.5.2
    introduced by @sanity/core@2.30.3 > @sanity/server@2.30.3 > extract-text-webpack-plugin@3.0.2 > schema-utils@0.3.0 > ajv@5.5.2
  This issue was fixed in versions: 6.12.3
  ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@3.0.0
    introduced by @sanity/core@2.30.3 > @sanity/server@2.30.3 > @sanity/css-loader@0.28.12 > postcss@5.2.18 > chalk@1.1.3 > has-ansi@2.0.0 > ansi-regex@2.1.1 and 10 other path(s)
  This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
  ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-ASYNC-2441827] in async@2.6.3
    introduced by @sanity/core@2.30.3 > @sanity/server@2.30.3 > extract-text-webpack-plugin@3.0.2 > async@2.6.3 and 1 other path(s)
  This issue was fixed in versions: 2.6.4, 3.2.2
  ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194] in browserslist@2.11.3
    introduced by @sanity/core@2.30.3 > @sanity/webpack-integration@2.30.3 > postcss-cssnext@3.1.1 > autoprefixer@7.2.6 > browserslist@2.11.3 and 8 other path(s)
  This issue was fixed in versions: 4.16.5
  ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-COLORSTRING-1082939] in color-string@0.3.0
    introduced by @sanity/core@2.30.3 > @sanity/webpack-integration@2.30.3 > css-color-function@1.3.3 > color@0.11.4 > color-string@0.3.0 and 8 other path(s)
  This issue was fixed in versions: 1.5.5
  ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-1298035] in css-what@3.4.2
    introduced by @sanity/core@2.30.3 > @sanity/server@2.30.3 > @sanity/css-loader@0.28.12 > cssnano@4.1.11 > cssnano-preset-default@4.0.8 > postcss-svgo@4.0.3 > svgo@1.3.2 > css-select@2.1.0 > css-what@3.4.2
  This issue was fixed in versions: 5.0.1
  ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181] in follow-redirects@1.14.6
    introduced by @sanity/core@2.30.3 > get-it@5.2.1 > follow-redirects@1.14.6 and 71 other path(s)
  This issue was fixed in versions: 1.14.7
  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346] in follow-redirects@1.14.6
    introduced by @sanity/core@2.30.3 > get-it@5.2.1 > follow-redirects@1.14.6 and 71 other path(s)
  This issue was fixed in versions: 1.14.8
  ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905] in glob-parent@3.1.0
    introduced by @sanity/core@2.30.3 > @sanity/server@2.30.3 > webpack@3.12.0 > watchpack@1.7.5 > watchpack-chokidar2@2.0.1 > chokidar@2.1.8 > glob-parent@3.1.0
  This issue was fixed in versions: 5.1.2
  ✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0
    introduced by @sanity/core@2.30.3 > @sanity/webpack-integration@2.30.3 > postcss-cssnext@3.1.1 > postcss-initial@2.0.0 > lodash.template@4.5.0 and 2 other path(s)
  No upgrade or patch available
  ✗ Prototype Pollution [Low Severity][https://security.snyk.io/vuln/SNYK-JS-MINIMIST-2429795] in minimist@1.2.5
    introduced by @sanity/core@2.30.3 > json5@1.0.1 > minimist@1.2.5 and 16 other path(s)
  This issue was fixed in versions: 1.2.6
  ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-NANOID-2332193] in nanoid@3.1.30
    introduced by @sanity/base@2.30.4 > nanoid@3.1.30 and 13 other path(s)
  This issue was fixed in versions: 3.1.31
  ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-NODEFETCH-2342118] in node-fetch@2.6.1
    introduced by @sanity/vision@2.30.4 > react-json-view@1.21.3 > flux@4.0.3 > fbjs@3.0.2 > cross-fetch@3.1.4 > node-fetch@2.6.1 and 1 other path(s)
  This issue was fixed in versions: 2.6.7, 3.1.1
  ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-NTHCHECK-1586032] in nth-check@1.0.2
    introduced by @sanity/core@2.30.3 > @sanity/server@2.30.3 > @sanity/css-loader@0.28.12 > cssnano@4.1.11 > cssnano-preset-default@4.0.8 > postcss-svgo@4.0.3 > svgo@1.3.2 > css-select@2.1.0 > nth-check@1.0.2
  This issue was fixed in versions: 2.0.1
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-NWSAPI-2841516] in nwsapi@2.2.0
    introduced by @sanity/core@2.30.3 > jsdom@12.2.0 > nwsapi@2.2.0
  This issue was fixed in versions: 2.2.1
  ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-POSTCSS-1255640] in postcss@5.2.18
    introduced by @sanity/core@2.30.3 > @sanity/webpack-integration@2.30.3 > postcss-color-function@4.1.0 > postcss@6.0.23 and 111 other path(s)
  This issue was fixed in versions: 8.2.13, 7.0.36
  ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251] in uglify-js@2.8.29
    introduced by @sanity/core@2.30.3 > @sanity/server@2.30.3 > webpack@3.12.0 > uglifyjs-webpack-plugin@0.4.6 > uglify-js@2.8.29
  This issue was fixed in versions: 3.14.3
  ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660] in unset-value@1.0.0
    introduced by @sanity/core@2.30.3 > @sanity/server@2.30.3 > webpack@3.12.0 > watchpack@1.7.5 > watchpack-chokidar2@2.0.1 > chokidar@2.1.8 > braces@2.3.2 > snapdragon@0.8.2 > base@0.11.2 > cache-base@1.0.1 > unset-value@1.0.0 and 10 other path(s)
  This issue was fixed in versions: 2.0.1
  ✗ Access Restriction Bypass [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-URLPARSE-2401205] in url-parse@1.5.3
    introduced by @sanity/core@2.30.3 > get-it@5.2.1 > url-parse@1.5.3 and 71 other path(s)
  This issue was fixed in versions: 1.5.6
  ✗ Authorization Bypass [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-URLPARSE-2407759] in url-parse@1.5.3
    introduced by @sanity/core@2.30.3 > get-it@5.2.1 > url-parse@1.5.3 and 71 other path(s)
  This issue was fixed in versions: 1.5.8
  ✗ Improper Input Validation [High Severity][https://security.snyk.io/vuln/SNYK-JS-URLPARSE-2407770] in url-parse@1.5.3
    introduced by @sanity/core@2.30.3 > get-it@5.2.1 > url-parse@1.5.3 and 71 other path(s)
  This issue was fixed in versions: 1.5.9
  ✗ Authorization Bypass Through User-Controlled Key [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-URLPARSE-2412697] in url-parse@1.5.3
    introduced by @sanity/core@2.30.3 > get-it@5.2.1 > url-parse@1.5.3 and 71 other path(s)
  This issue was fixed in versions: 1.5.7
  ✗ Prototype Pollution [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-YARGSPARSER-560381] in yargs-parser@7.0.0
    introduced by @sanity/core@2.30.3 > @sanity/server@2.30.3 > webpack@3.12.0 > yargs@8.0.2 > yargs-parser@7.0.0
  This issue was fixed in versions: 5.0.1, 13.1.2, 15.0.1, 18.1.1
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/npm:mem:20180117] in mem@1.1.0
    introduced by @sanity/core@2.30.3 > @sanity/server@2.30.3 > webpack@3.12.0 > yargs@8.0.2 > os-locale@2.1.0 > mem@1.1.0
  This issue was fixed in versions: 4.0.0



Organization:      matthewhaneburger
Package manager:   yarn
Target file:       /app/sanity.io/package.json
Project name:      UFF
Docker image:      typescript-e-commerce:dev
Licenses:          enabled


Tested 2 projects, 2 contained vulnerable paths.