Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ogp #1439

Merged
merged 46 commits into from
Mar 15, 2024
Merged

Ogp #1439

merged 46 commits into from
Mar 15, 2024

Conversation

tubone24
Copy link
Owner

PR title

Status

READY/IN DEVELOPMENT/HOLD

Description

A few sentences describing the overall goals of the pull request's commits.

Related PRs

List related PRs against other branches:

branch PR
other_pr_master link
other_pr_develop link

Todos

  • Tests
  • e2e Tests
  • Storybook
  • Documentation

Steps to Test or Reproduce

Outline the steps to test or reproduce the PR here.

git pull --prune
git checkout <feature_branch>
yarn test

Preview Deploy

Describe the URL of the Preview Deploy.

link

Impacted Areas in Application

List general components of the application that this PR will affect:

  • aaa
  • bbb

Screenshot

Replace FIXME_BRANCH_NAME, FIXME_PR_NUMBER in the URL below with this branch name and PR number.

Desktop

Width 1200px

Desktop Home

Mobile

Width 400px

mobile home

Copy link
Contributor

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies
- @popperjs/core
- @sentry/node
- @sentry/profiling-node
- @sentry/react
- @typescript-eslint/eslint-plugin
- babel-loader
- babel-polyfill
- classnames
- flexboxgrid
- gatsby-legacy-polyfills
- gatsby-plugin-flexsearch
- gatsby-plugin-twitter
- gatsby-react-router-scroll
- html-minifier
- intersection-observer
- md5
- opentype.js
- preact
- preact-render-to-string
- react-body-classname
- react-dom
- rimraf
- sass
- typescript
Unused devdependencies
- @babel/core
- @babel/eslint-parser
- @babel/preset-typescript
- @storybook/addon-a11y
- @storybook/addon-controls
- @storybook/addon-essentials
- @storybook/addon-info
- @storybook/addon-interactions
- @storybook/addon-knobs
- @storybook/addon-links
- @storybook/addon-storysource
- @storybook/addon-viewport
- @storybook/builder-webpack5
- @storybook/manager-webpack5
- @textlint-rule/textlint-rule-no-duplicate-abbr
- @types/jest
- @types/react-test-renderer
- @types/responselike
- axe-core
- babel-plugin-transform-runtime
- core-js
- cross-env
- css-loader
- eslint
- eslint-config-airbnb
- eslint-import-resolver-webpack
- eslint-plugin-import
- eslint-plugin-jsx-a11y
- eslint-plugin-react
- gh-pages
- husky
- identity-obj-proxy
- jest
- jest-environment-jsdom
- markdownlint-cli2
- memlab
- netlify-cli
- netlify-lambda
- nyc
- prettier
- react-test-renderer
- sass-loader
- start-server-and-test
- stylelint
- stylelint-config-recess-order
- stylelint-config-recommended-scss
- stylelint-config-standard
- stylelint-scss
- textlint
- textlint-filter-rule-allowlist
- textlint-filter-rule-comments
- textlint-rule-aws-spellcheck
- textlint-rule-ja-no-inappropriate-words
- textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet
- textlint-rule-no-start-duplicated-conjunction
- textlint-rule-preset-smarthr
- textlint-rule-prh
- textlint-rule-terminology
- ts-jest
- yaml-lint
Missing
- colors
  - /github/workspace/src/styles/_hover.scss

- @algolia/transporter
  - /github/workspace/src/components/SearchBox/index.tsx

- @algolia/client-search
  - /github/workspace/src/components/SearchBox/index.tsx

- qs
  - /github/workspace/scripts/benchmark.js

- https
  - /github/workspace/scripts/uploadScreenShot.ts

@github-actions github-actions bot temporarily deployed to development-storybook March 12, 2024 16:37 Inactive
github-actions bot pushed a commit that referenced this pull request Mar 12, 2024
Copy link
Contributor

Memlab leaks report

page-load [7.3MB] (baseline) [s1] > action-on-page [8.3MB] (target) [s2] > revert [9.3MB] (final) [s3]  
------2 clusters------

--Similar leaks in this run: 1520--
--Retained size of leaked objects: 169.5KB--
[<synthetic>] (synthetic) @1 [10.5MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @6267 [62.3KB]
  --setTimeout (property)--->  [<closure>] (closure) @48435 [72 bytes]
  --context (internal)--->  [<function scope>] (object) @113509 [20 bytes]
  --previous (internal)--->  [<function scope>] (object) @86089 [36KB]
  --n (variable)--->  [t] (closure) @112519 [1.3KB]
  --context (internal)--->  [<function scope>] (object) @239959 [48.9KB]
  --n (variable)--->  [Object] (object) @246939 [48.8KB]
  --449 (element)--->  [Object] (object) @247379 [24 bytes]
  --exports (property)--->  [r] (closure) @138363 [2.7KB]
  --hasData (property)--->  [<closure>] (closure) @282995 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @155225 [1.5KB]
  --e (variable)--->  [Object] (object) @155227 [1KB]
  --2 (element)--->  [Object] (object) @337097 [76 bytes]
  --aaAutocomplete (property)--->  [f] (object) @337101 [348 bytes]
  --$node (property)--->  [q] (object) @341011 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @333781 [676 bytes]
  --7 (element)--->  [Detached HTMLDivElement] (native) @334355 [5.7KB]
  --7 (element)--->  [Detached HTMLDivElement] (native) @334203 [444 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @334383 [444 bytes]
  --6 (element)--->  [Detached HTMLAnchorElement] (native) @333851 [2.5KB]
  --12 (element)--->  [Detached InternalNode] (native) @29032 [488 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @29022 [432 bytes]
  --4 (element)--->  [Detached ElementIntersectionObserverData] (native) @29018 [72 bytes]

--Similar leaks in this run: 479--
--Retained size of leaked objects: 50.1KB--
[<synthetic>] (synthetic) @1 [10.5MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @6267 [62.3KB]
  --___replace (property)--->  [<closure>] (closure) @48771 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @108805 [748 bytes]
  --a (variable)--->  [Module] (object) @138317 [6.3KB]
  --get version (property)--->  [version] (closure) @212763 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @120915 [6.5KB]
  --Qn (variable)--->  [y] (object) @406161 [368 bytes]
  --props (property)--->  [Object] (object) @407761 [28 bytes]
  --children (property)--->  [Object] (object) @438091 [296 bytes]
  --props (property)--->  [Object] (object) @437515 [56 bytes]
  --children (property)--->  [Object] (object) @437519 [1.2KB]
  --__ (property)--->  [Object] (object) @464421 [1.1KB]
  --__ (property)--->  [Object] (object) @464425 [940 bytes]
  --__ (property)--->  [Object] (object) @414013 [736 bytes]
  --__d (property)--->  [Detached HTMLDivElement] (native) @334243 [468 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @334241 [384 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @334239 [384 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @334237 [8KB]
  --5 (element)--->  [Detached HTMLDivElement] (native) @334235 [7.2KB]
  --5 (element)--->  [Detached HTMLHeadingElement] (native) @334231 [664 bytes]
  --9 (element)--->  [Detached InternalNode] (native) @29906 [240 bytes]
  --2 (element)--->  [Detached InternalNode] (native) @29908 [56 bytes]
  --1 (element)--->  [Detached NodeList] (native) @32346 [56 bytes]

Copy link
Contributor

Snyk vulnerability report

OSS packages

Tested 1738 dependencies for known issues, found 15 issues, 49 vulnerable paths.

Issues to fix by upgrading:

Upgrade @sentry/[email protected] to @sentry/[email protected] to fix
✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in [email protected]
introduced by @sentry/[email protected] > [email protected] > [email protected] > [email protected] and 15 other path(s)

Upgrade [email protected] to [email protected] to fix
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in [email protected]
introduced by [email protected] > [email protected]
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in [email protected]
introduced by [email protected] > [email protected] > [email protected] and 1 other path(s)
✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in [email protected]
introduced by [email protected] > [email protected] and 3 other path(s)

Upgrade [email protected] to [email protected] to fix
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in [email protected]
introduced by [email protected] > [email protected] > [email protected] and 1 other path(s)

Upgrade [email protected] to [email protected] to fix
✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in [email protected]
introduced by [email protected] > [email protected] and 3 other path(s)

Upgrade [email protected] to [email protected] to fix
✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in [email protected]
introduced by [email protected] > [email protected] and 3 other path(s)

Upgrade [email protected] to [email protected] to fix
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in [email protected]
introduced by [email protected]
✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in [email protected]
introduced by [email protected] > [email protected]

Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in [email protected]
introduced by [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in [email protected]
introduced by @raae/[email protected] > [email protected] and 2 other path(s)
This issue was fixed in versions: 1.6.0
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in [email protected]
introduced by @raae/[email protected] > [email protected] and 2 other path(s)
This issue was fixed in versions: 1.6.3
✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in [email protected]
introduced by @raae/[email protected] > [email protected] and 2 other path(s)
This issue was fixed in versions: 1.6.4
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in [email protected]
introduced by [email protected] > [email protected] > [email protected] and 8 other path(s)
This issue was fixed in versions: 0.10.63
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in [email protected]
introduced by [email protected]
No upgrade or patch available
✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in [email protected]
introduced by @sentry/[email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
This issue was fixed in versions: 1.1.9, 2.0.1
✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in [email protected]
introduced by [email protected] > [email protected] > [email protected]
No upgrade or patch available
✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in [email protected]
introduced by [email protected] > [email protected] > [email protected] and 1 other path(s)
This issue was fixed in versions: 6.0.2

Organization: tubone24
Package manager: yarn
Target file: yarn.lock
Project name: blog
Open source: no
Project path: .
Licenses: enabled

Tip: Detected multiple supported manifests (1), use --all-projects to scan all of them at once.

Application

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 23
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 25
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 41
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✔ Test completed

Organization: tubone24
Test type: Static code analysis
Project path: .

Summary:

3 Code issues found
3 [Medium]

IaC

Snyk Infrastructure as Code

  • Snyk testing Infrastructure as Code configuration issues.
    ✔ Test completed.

Issues
No vulnerable paths were found!


Test Summary

Organization: tubone24
Project name: tubone24/blog

✔ Files without issues: 3
✗ Files with issues: 0
Ignored issues: 0
Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ]


Tip

New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833
Introduced through: util-linux/[email protected], [email protected]+deb10u3, util-linux/[email protected], util-linux/[email protected], util-linux/[email protected], [email protected], sysvinit/[email protected], util-linux/bsdutils@1:2.33.1-0.1, util-linux/[email protected], util-linux/[email protected], util-linux/[email protected]
From: util-linux/[email protected]
From: [email protected]+deb10u3 > util-linux/[email protected]
From: [email protected]+deb10u3 > util-linux/[email protected] > util-linux/[email protected]
and 25 more...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082
Introduced through: util-linux/[email protected], [email protected]+deb10u3, util-linux/[email protected], util-linux/[email protected], util-linux/[email protected], [email protected], sysvinit/[email protected], util-linux/bsdutils@1:2.33.1-0.1, util-linux/[email protected], util-linux/[email protected], util-linux/[email protected]
From: util-linux/[email protected]
From: [email protected]+deb10u3 > util-linux/[email protected]
From: [email protected]+deb10u3 > util-linux/[email protected] > util-linux/[email protected]
and 25 more...

✗ Low severity vulnerability found in tar
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001
Introduced through: [email protected]+dfsg-6
From: [email protected]+dfsg-6

✗ Low severity vulnerability found in tar
Description: CVE-2005-2541
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331
Introduced through: [email protected]+dfsg-6
From: [email protected]+dfsg-6

✗ Low severity vulnerability found in tar
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529
Introduced through: [email protected]+dfsg-6
From: [email protected]+dfsg-6

✗ Low severity vulnerability found in tar
Description: NULL Pointer Dereference
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203
Introduced through: [email protected]+dfsg-6
From: [email protected]+dfsg-6

✗ Low severity vulnerability found in tar
Description: CVE-2023-39804
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423
Introduced through: [email protected]+dfsg-6
From: [email protected]+dfsg-6
Fixed in: 1.30+dfsg-6+deb10u1

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Authentication Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Privilege Chaining
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Incorrect Privilege Assignment
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Missing Release of Resource after Effective Lifetime
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Validation of Integrity Check Value
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Validation of Integrity Check Value
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Validation of Integrity Check Value
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: CVE-2023-7008
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: CVE-2023-50868
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Time-of-check Time-of-use (TOCTOU)
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205
Introduced through: shadow/passwd@1:4.5-1.1, [email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
From: shadow/passwd@1:4.5-1.1
From: [email protected] > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230
Introduced through: shadow/passwd@1:4.5-1.1, [email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
From: shadow/passwd@1:4.5-1.1
From: [email protected] > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Access Restriction Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250
Introduced through: shadow/passwd@1:4.5-1.1, [email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
From: shadow/passwd@1:4.5-1.1
From: [email protected] > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852
Introduced through: shadow/passwd@1:4.5-1.1, [email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
From: shadow/passwd@1:4.5-1.1
From: [email protected] > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Arbitrary Code Injection
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925
Introduced through: shadow/passwd@1:4.5-1.1, [email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
From: shadow/passwd@1:4.5-1.1
From: [email protected] > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Improper Authentication
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153
Introduced through: shadow/passwd@1:4.5-1.1, [email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
From: shadow/passwd@1:4.5-1.1
From: [email protected] > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980
Introduced through: perl/[email protected]+deb10u1
From: perl/[email protected]+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793
Introduced through: perl/[email protected]+deb10u1
From: perl/[email protected]+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Certificate Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186
Introduced through: perl/[email protected]+deb10u1
From: perl/[email protected]+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Certificate Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188
Introduced through: perl/[email protected]+deb10u1
From: perl/[email protected]+deb10u1

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pam/libpam0g
Description: CVE-2024-22365
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916
Introduced through: pam/[email protected], shadow/login@1:4.5-1.1, util-linux/[email protected], [email protected], pam/[email protected], pam/[email protected], pam/[email protected]
From: pam/[email protected]
From: shadow/login@1:4.5-1.1 > pam/[email protected]
From: util-linux/[email protected] > [email protected] > pam/[email protected]
and 11 more...

✗ Low severity vulnerability found in ncurses/libtinfo6
Description: CVE-2023-50495
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819
Introduced through: ncurses/[email protected]+20181013-2+deb10u3, [email protected], ncurses/[email protected]+20181013-2+deb10u3, util-linux/[email protected], util-linux/[email protected], ncurses/[email protected]+20181013-2+deb10u3, ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3
From: [email protected] > ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3 > ncurses/[email protected]+20181013-2+deb10u3
and 7 more...

✗ Low severity vulnerability found in ncurses/libtinfo6
Description: CVE-2023-45918
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772
Introduced through: ncurses/[email protected]+20181013-2+deb10u3, [email protected], ncurses/[email protected]+20181013-2+deb10u3, util-linux/[email protected], util-linux/[email protected], ncurses/[email protected]+20181013-2+deb10u3, ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3
From: [email protected] > ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3 > ncurses/[email protected]+20181013-2+deb10u3
and 7 more...

✗ Low severity vulnerability found in lz4/liblz4-1
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072
Introduced through: lz4/[email protected]+deb10u1, [email protected]
From: lz4/[email protected]+deb10u1
From: [email protected] > apt/[email protected] > lz4/[email protected]+deb10u1
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8 > lz4/[email protected]+deb10u1

✗ Low severity vulnerability found in libtasn1-6
Description: CVE-2018-1000654
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585
Introduced through: [email protected], [email protected]
From: [email protected]
From: [email protected] > gnutls28/[email protected]+deb10u9 > [email protected]

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628
Introduced through: libsepol/[email protected], [email protected]
From: libsepol/[email protected]
From: [email protected] > shadow/passwd@1:4.5-1.1 > libsemanage/[email protected] > libsepol/[email protected]

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630
Introduced through: libsepol/[email protected], [email protected]
From: libsepol/[email protected]
From: [email protected] > shadow/passwd@1:4.5-1.1 > libsemanage/[email protected] > libsepol/[email protected]

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636
Introduced through: libsepol/[email protected], [email protected]
From: libsepol/[email protected]
From: [email protected] > shadow/passwd@1:4.5-1.1 > libsemanage/[email protected] > libsepol/[email protected]

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642
Introduced through: libsepol/[email protected], [email protected]
From: libsepol/[email protected]
From: [email protected] > shadow/passwd@1:4.5-1.1 > libsemanage/[email protected] > libsepol/[email protected]

✗ Low severity vulnerability found in libseccomp/libseccomp2
Description: CVE-2019-9893
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044
Introduced through: libseccomp/[email protected], [email protected]
From: libseccomp/[email protected]
From: [email protected] > libseccomp/[email protected]

✗ Low severity vulnerability found in libidn2/libidn2-0
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100
Introduced through: libidn2/[email protected]+deb10u1, [email protected]
From: libidn2/[email protected]+deb10u1
From: [email protected] > gnutls28/[email protected]+deb10u9 > libidn2/[email protected]+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893
Introduced through: [email protected]+deb10u1, [email protected]
From: [email protected]+deb10u1
From: [email protected] > gnupg2/[email protected]+deb10u2 > [email protected]+deb10u1
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8 > [email protected]+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902
Introduced through: [email protected]+deb10u1, [email protected]
From: [email protected]+deb10u1
From: [email protected] > gnupg2/[email protected]+deb10u2 > [email protected]+deb10u1
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8 > [email protected]+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Race Condition
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489
Introduced through: [email protected]+deb10u1, [email protected]
From: [email protected]+deb10u1
From: [email protected] > gnupg2/[email protected]+deb10u2 > [email protected]+deb10u1
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8 > [email protected]+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988
Introduced through: [email protected]+deb10u1, [email protected]
From: [email protected]+deb10u1
From: [email protected] > gnupg2/[email protected]+deb10u2 > [email protected]+deb10u1
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8 > [email protected]+deb10u1

✗ Low severity vulnerability found in gnutls28/libgnutls30
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755
Introduced through: gnutls28/[email protected]+deb10u9, [email protected]
From: gnutls28/[email protected]+deb10u9
From: [email protected] > gnutls28/[email protected]+deb10u9

✗ Low severity vulnerability found in gnupg2/gpgv
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746
Introduced through: gnupg2/[email protected]+deb10u2, [email protected]
From: gnupg2/[email protected]+deb10u2
From: [email protected] > gnupg2/[email protected]+deb10u2

✗ Low severity vulnerability found in gnupg2/gpgv
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553
Introduced through: gnupg2/[email protected]+deb10u2, [email protected]
From: gnupg2/[email protected]+deb10u2
From: [email protected] > gnupg2/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Resource Management Errors
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: CVE-2019-1010023
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use of Insufficiently Random Values
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in gcc-8/libstdc++6
Description: Insufficient Entropy
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413
Introduced through: gcc-8/[email protected], [email protected], gcc-8/[email protected], gcc-8/libgcc1@1:8.3.0-6
From: gcc-8/[email protected]
From: [email protected] > gcc-8/[email protected]
From: [email protected] > apt/[email protected] > gcc-8/[email protected]
and 2 more...

✗ Low severity vulnerability found in gcc-8/libstdc++6
Description: CVE-2023-4039
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315
Introduced through: gcc-8/[email protected], [email protected], gcc-8/[email protected], gcc-8/libgcc1@1:8.3.0-6
From: gcc-8/[email protected]
From: [email protected] > gcc-8/[email protected]
From: [email protected] > apt/[email protected] > gcc-8/[email protected]
and 2 more...

✗ Low severity vulnerability found in e2fsprogs/libcom-err2
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482
Introduced through: e2fsprogs/[email protected]+deb10u3, [email protected]+deb10u3, e2fsprogs/[email protected]+deb10u3, e2fsprogs/[email protected]+deb10u3
From: e2fsprogs/[email protected]+deb10u3
From: [email protected]+deb10u3 > e2fsprogs/[email protected]+deb10u3
From: [email protected]+deb10u3 > e2fsprogs/[email protected]+deb10u3 > e2fsprogs/[email protected]+deb10u3
and 5 more...

✗ Low severity vulnerability found in coreutils
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465
Introduced through: [email protected]
From: [email protected]

✗ Low severity vulnerability found in coreutils
Description: Race Condition
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494
Introduced through: [email protected]
From: [email protected]

✗ Low severity vulnerability found in bash
Description: Improper Check for Dropped Privileges
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280
Introduced through: [email protected]
From: [email protected]

✗ Low severity vulnerability found in apt/libapt-pkg5.0
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502
Introduced through: apt/[email protected], [email protected]
From: apt/[email protected]
From: [email protected] > apt/[email protected]
From: [email protected]

✗ Medium severity vulnerability found in systemd/libsystemd0
Description: Off-by-one Error
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7deb10u8
and 4 more...
Fixed in: 241-7
deb10u10

✗ Medium severity vulnerability found in systemd/libsystemd0
Description: CVE-2022-4415
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Medium severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705
Introduced through: ncurses/[email protected]+20181013-2+deb10u3, [email protected], ncurses/[email protected]+20181013-2+deb10u3, util-linux/[email protected], util-linux/[email protected], ncurses/[email protected]+20181013-2+deb10u3, ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3
From: [email protected] > ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3 > ncurses/[email protected]+20181013-2+deb10u3
and 7 more...
Fixed in: 6.1+20181013-2+deb10u4

✗ Medium severity vulnerability found in gnutls28/libgnutls30
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099
Introduced through: gnutls28/[email protected]+deb10u9, [email protected]
From: gnutls28/[email protected]+deb10u9
From: [email protected] > gnutls28/[email protected]+deb10u9
Fixed in: 3.6.7-4+deb10u11

✗ High severity vulnerability found in systemd/libsystemd0
Description: CVE-2023-26604
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7deb10u8
and 4 more...
Fixed in: 241-7
deb10u9

✗ High severity vulnerability found in systemd/libsystemd0
Description: Allocation of Resources Without Limits or Throttling
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ High severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739
Introduced through: ncurses/[email protected]+20181013-2+deb10u3, [email protected], ncurses/[email protected]+20181013-2+deb10u3, util-linux/[email protected], util-linux/[email protected], ncurses/[email protected]+20181013-2+deb10u3, ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3
From: [email protected] > ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3 > ncurses/[email protected]+20181013-2+deb10u3
and 7 more...
Fixed in: 6.1+20181013-2+deb10u5

✗ High severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196
Introduced through: ncurses/[email protected]+20181013-2+deb10u3, [email protected], ncurses/[email protected]+20181013-2+deb10u3, util-linux/[email protected], util-linux/[email protected], ncurses/[email protected]+20181013-2+deb10u3, ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3
From: [email protected] > ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3 > ncurses/[email protected]+20181013-2+deb10u3
and 7 more...
Fixed in: 6.1+20181013-2+deb10u5

✗ High severity vulnerability found in gnutls28/libgnutls30
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300
Introduced through: gnutls28/[email protected]+deb10u9, [email protected]
From: gnutls28/[email protected]+deb10u9
From: [email protected] > gnutls28/[email protected]+deb10u9
Fixed in: 3.6.7-4+deb10u10

✗ High severity vulnerability found in gnutls28/libgnutls30
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414
Introduced through: gnutls28/[email protected]+deb10u9, [email protected]
From: gnutls28/[email protected]+deb10u9
From: [email protected] > gnutls28/[email protected]+deb10u9
Fixed in: 3.6.7-4+deb10u12

✗ High severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ High severity vulnerability found in gcc-8/libstdc++6
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558
Introduced through: gcc-8/[email protected], [email protected], gcc-8/[email protected], gcc-8/libgcc1@1:8.3.0-6
From: gcc-8/[email protected]
From: [email protected] > gcc-8/[email protected]
From: [email protected] > apt/[email protected] > gcc-8/[email protected]
and 2 more...

✗ Critical severity vulnerability found in zlib/zlib1g
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964
Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2
From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2

✗ Critical severity vulnerability found in libtasn1-6
Description: Off-by-one Error
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094
Introduced through: [email protected], [email protected]
From: [email protected]
From: [email protected] > gnutls28/[email protected]+deb10u9 > [email protected]
Fixed in: 4.13-3+deb10u1

✗ Critical severity vulnerability found in db5.3/libdb5.3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169
Introduced through: db5.3/[email protected]+dfsg1-0.5, [email protected]
From: db5.3/[email protected]+dfsg1-0.5
From: [email protected] > shadow/passwd@1:4.5-1.1 > pam/[email protected] > db5.3/[email protected]+dfsg1-0.5

------------ Detected 34 vulnerabilities for [email protected] ------------

✗ Low severity vulnerability found in node
Description: Improper Certificate Validation
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Low severity vulnerability found in node
Description: Improper Certificate Validation
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Low severity vulnerability found in node
Description: Insecure Randomness
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Low severity vulnerability found in node
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.18.2

✗ Low severity vulnerability found in node
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.18.2

✗ Low severity vulnerability found in node
Description: Permissive Cross-domain Policy with Untrusted Domains
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.19.1, 20.11.1, 21.6.2

✗ Medium severity vulnerability found in node
Description: Timing Attack
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Privilege Escalation
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: HTTP Request Smuggling
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Inconsistency Between Implementation and Documented Design
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Buffer Over-read
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Insecure Randomness
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Buffer Underwrite (Buffer Underflow)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Privilege Escalation
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Improper Access Control
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.17.1

✗ Medium severity vulnerability found in node
Description: Access Restriction Bypass
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.17.1

✗ Medium severity vulnerability found in node
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.18.2

✗ Medium severity vulnerability found in node
Description: Observable Timing Discrepancy
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.19.1, 20.11.1, 21.6.2

✗ High severity vulnerability found in node
Description: Insecure Permissions
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ High severity vulnerability found in node
Description: Access of Resource Using Incompatible Type ('Type Confusion')
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ High severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ High severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ High severity vulnerability found in node
Description: Prototype Pollution
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ High severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ High severity vulnerability found in node
Description: Arbitrary Code Injection
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.17.1

✗ High severity vulnerability found in node
Description: Allocation of Resources Without Limits or Throttling
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.19.1, 20.11.1, 21.6.2

✗ High severity vulnerability found in node
Description: Code Injection
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.19.1, 20.11.1, 21.6.2

Organization: tubone24
Package manager: deb
Project name: docker-image|test-blog
Docker image: test-blog
Platform: linux/amd64
Base image: node:18.12.1-buster-slim
Licenses: enabled

Tested 85 dependencies for known issues, found 117 issues.

Base Image Vulnerabilities Severity
node:18.12.1-buster-slim 117 3 critical, 17 high, 23 medium, 74 low

Recommendations for base image upgrade:

Minor upgrades
Base Image Vulnerabilities Severity
node:18.19.1-buster-slim 75 2 critical, 4 high, 1 medium, 68 low

Major upgrades
Base Image Vulnerabilities Severity
node:20.11.1-buster-slim 75 2 critical, 4 high, 1 medium, 68 low

Alternative image types
Base Image Vulnerabilities Severity
node:21.6.2-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low
node:21.7.1-bullseye-slim 66 1 critical, 1 high, 0 medium, 64 low
node:20.11.0-slim 43 1 critical, 5 high, 3 medium, 34 low
node:lts-bookworm 179 1 critical, 6 high, 7 medium, 165 low

Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection

Copy link
Contributor

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/65f0864ff79971114a2e73c4
Website Draft URL: https://65f0864ff79971114a2e73c4--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

Copy link
Contributor

Copy link
Contributor

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/65f086a090c57b123879633a
Website Draft URL: https://65f086a090c57b123879633a--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

github-actions bot pushed a commit that referenced this pull request Mar 12, 2024
github-actions bot pushed a commit that referenced this pull request Mar 12, 2024
github-actions bot pushed a commit that referenced this pull request Mar 12, 2024
Copy link
Contributor

Copy link
Contributor

Memlab leaks report

page-load [7.4MB] (baseline) [s1] > action-on-page [8.3MB] (target) [s2] > revert [9.3MB] (final) [s3]  
------2 clusters------

--Similar leaks in this run: 1634--
--Retained size of leaked objects: 176.4KB--
[<synthetic>] (synthetic) @1 [10.5MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @6269 [62.1KB]
  --setTimeout (property)--->  [<closure>] (closure) @48509 [72 bytes]
  --context (internal)--->  [<function scope>] (object) @264685 [20 bytes]
  --previous (internal)--->  [<function scope>] (object) @87657 [36KB]
  --n (variable)--->  [t] (closure) @174075 [1.3KB]
  --context (internal)--->  [<function scope>] (object) @183675 [43.5KB]
  --n (variable)--->  [Object] (object) @186941 [43.4KB]
  --449 (element)--->  [Object] (object) @187383 [24 bytes]
  --exports (property)--->  [r] (closure) @224681 [2.7KB]
  --hasData (property)--->  [<closure>] (closure) @158683 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @158677 [1.5KB]
  --e (variable)--->  [Object] (object) @225197 [1KB]
  --2 (element)--->  [Object] (object) @361041 [76 bytes]
  --aaAutocomplete (property)--->  [f] (object) @369525 [348 bytes]
  --$node (property)--->  [q] (object) @369831 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @333935 [676 bytes]
  --7 (element)--->  [Detached HTMLDivElement] (native) @334593 [5.7KB]
  --7 (element)--->  [Detached HTMLDivElement] (native) @334225 [444 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @334621 [444 bytes]
  --6 (element)--->  [Detached HTMLAnchorElement] (native) @334009 [2.5KB]
  --15 (element)--->  [Detached InternalNode] (native) @36906 [336 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @37224 [112 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @39258 [112 bytes]
  --1 (element)--->  [Detached EventListener] (native) @38622 [112 bytes]

--Similar leaks in this run: 479--
--Retained size of leaked objects: 50.1KB--
[<synthetic>] (synthetic) @1 [10.5MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @6269 [62.1KB]
  --___replace (property)--->  [<closure>] (closure) @48845 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @182045 [748 bytes]
  --a (variable)--->  [Module] (object) @174077 [6.3KB]
  --get version (property)--->  [version] (closure) @232591 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @122225 [6.5KB]
  --Qn (variable)--->  [y] (object) @413879 [368 bytes]
  --props (property)--->  [Object] (object) @434159 [28 bytes]
  --children (property)--->  [Object] (object) @445947 [296 bytes]
  --props (property)--->  [Object] (object) @446743 [56 bytes]
  --children (property)--->  [Object] (object) @434109 [1.2KB]
  --__ (property)--->  [Object] (object) @461169 [1.1KB]
  --__ (property)--->  [Object] (object) @461173 [940 bytes]
  --__ (property)--->  [Object] (object) @421053 [736 bytes]
  --__d (property)--->  [Detached HTMLDivElement] (native) @334265 [468 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @334263 [384 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @334261 [384 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @333975 [15KB]
  --8 (element)--->  [Detached HTMLElement] (native) @333993 [25.4KB]
  --5 (element)--->  [Detached HTMLDivElement] (native) @333991 [22.1KB]
  --6 (element)--->  [Detached Text] (native) @333425 [220 bytes]
  --6 (element)--->  [Detached HTMLImageElement] (native) @333421 [764 bytes]
  --7 (element)--->  [Detached Text] (native) @333417 [220 bytes]
  --6 (element)--->  [Detached HTMLParagraphElement] (native) @333385 [2.5KB]
  --8 (element)--->  [Detached Text] (native) @333381 [220 bytes]
  --6 (element)--->  [Detached HTMLHeadingElement] (native) @333373 [664 bytes]
  --8 (element)--->  [Detached Text] (native) @333369 [220 bytes]
  --6 (element)--->  [Detached HTMLParagraphElement] (native) @333361 [576 bytes]
  --8 (element)--->  [Detached Text] (native) @333357 [220 bytes]
  --6 (element)--->  [Detached HTMLParagraphElement] (native) @333349 [576 bytes]
  --8 (element)--->  [Detached Text] (native) @333345 [220 bytes]
  --6 (element)--->  [Detached HTMLImageElement] (native) @333341 [764 bytes]
  --7 (element)--->  [Detached Text] (native) @333337 [220 bytes]
  --6 (element)--->  [Detached HTMLParagraphElement] (native) @333329 [576 bytes]
  --10 (element)--->  [Detached InternalNode] (native) @31828 [152 bytes]
  --2 (element)--->  [Detached InternalNode] (native) @31806 [56 bytes]
  --1 (element)--->  [Detached NodeList] (native) @31808 [56 bytes]

github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
Copy link
Contributor

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...

Netlify Build
────────────────────────────────────────────────────────────────

❯ Version
@netlify/build 29.36.1

❯ Flags
auth: EPJJ6iiVJKf1WzATp10YTzbujNbkSqWDiVl-3kCXA-Y
deployId: 65f48546846e7c0305a424d7
dir: ./storybook-static
open: false
prod: false
prodIfUnlocked: false
site: 905285ac-8339-48d2-86d8-8d639370a095
skipFunctionsCache: false

❯ Current directory
/home/runner/work/blog/blog

❯ Config file
/home/runner/work/blog/blog/netlify.toml

❯ Context
dev

Build logs: https://app.netlify.com/sites/blog-storybook/deploys/65f48546846e7c0305a424d7
Function logs: https://app.netlify.com/sites/blog-storybook/functions?scope=deploy:65f48546846e7c0305a424d7
Website draft URL: https://65f48546846e7c0305a424d7--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
Copy link
Contributor

Lighthouse Score

Desktop

performance: 91
accessibility: 100
best-practices: 100
seo: 92
pwa: 100

Mobile

performance: 81
accessibility: 100
best-practices: 96
seo: 93
pwa: 100

github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
Copy link
Contributor

Snyk vulnerability report

OSS packages

Tested 1785 dependencies for known issues, found 13 issues, 31 vulnerable paths.

Issues to fix by upgrading:

Upgrade @sentry/[email protected] to @sentry/[email protected] to fix
✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in [email protected]
introduced by [email protected] > [email protected] > [email protected] and 8 other path(s)

Upgrade [email protected] to [email protected] to fix
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in [email protected]
introduced by [email protected] > [email protected]
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in [email protected]
introduced by [email protected] > [email protected] > [email protected] and 1 other path(s)

Upgrade [email protected] to [email protected] to fix
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in [email protected]
introduced by [email protected] > [email protected] > [email protected] and 1 other path(s)

Upgrade [email protected] to [email protected] to fix
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in [email protected]
introduced by [email protected]
✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in [email protected]
introduced by [email protected] > [email protected]

Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in [email protected]
introduced by [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in [email protected]
introduced by @raae/[email protected] > [email protected] and 2 other path(s)
This issue was fixed in versions: 1.6.0
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in [email protected]
introduced by @raae/[email protected] > [email protected] and 2 other path(s)
This issue was fixed in versions: 1.6.3
✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in [email protected]
introduced by @raae/[email protected] > [email protected] and 2 other path(s)
This issue was fixed in versions: 1.6.4
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6444610] in [email protected]
introduced by [email protected] > [email protected] and 3 other path(s)
This issue was fixed in versions: 1.15.6
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in [email protected]
introduced by [email protected]
No upgrade or patch available
✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in [email protected]
introduced by [email protected] > [email protected] > [email protected]
No upgrade or patch available
✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in [email protected]
introduced by [email protected] > [email protected] > [email protected]
This issue was fixed in versions: 6.0.2

Organization: tubone24
Package manager: yarn
Target file: yarn.lock
Project name: blog
Open source: no
Project path: .
Licenses: enabled

Application

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 23
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 25
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 41
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✔ Test completed

Organization: tubone24
Test type: Static code analysis
Project path: .

Summary:

3 Code issues found
3 [Medium]

IaC

Snyk Infrastructure as Code

  • Snyk testing Infrastructure as Code configuration issues.
    ✔ Test completed.

Issues
No vulnerable paths were found!


Test Summary

Organization: tubone24
Project name: tubone24/blog

✔ Files without issues: 3
✗ Files with issues: 0
Ignored issues: 0
Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ]


Tip

New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833
Introduced through: util-linux/[email protected], [email protected]+deb10u3, util-linux/[email protected], util-linux/[email protected], util-linux/[email protected], [email protected], sysvinit/[email protected], util-linux/bsdutils@1:2.33.1-0.1, util-linux/[email protected], util-linux/[email protected], util-linux/[email protected]
From: util-linux/[email protected]
From: [email protected]+deb10u3 > util-linux/[email protected]
From: [email protected]+deb10u3 > util-linux/[email protected] > util-linux/[email protected]
and 25 more...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082
Introduced through: util-linux/[email protected], [email protected]+deb10u3, util-linux/[email protected], util-linux/[email protected], util-linux/[email protected], [email protected], sysvinit/[email protected], util-linux/bsdutils@1:2.33.1-0.1, util-linux/[email protected], util-linux/[email protected], util-linux/[email protected]
From: util-linux/[email protected]
From: [email protected]+deb10u3 > util-linux/[email protected]
From: [email protected]+deb10u3 > util-linux/[email protected] > util-linux/[email protected]
and 25 more...

✗ Low severity vulnerability found in tar
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001
Introduced through: [email protected]+dfsg-6
From: [email protected]+dfsg-6

✗ Low severity vulnerability found in tar
Description: CVE-2005-2541
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331
Introduced through: [email protected]+dfsg-6
From: [email protected]+dfsg-6

✗ Low severity vulnerability found in tar
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529
Introduced through: [email protected]+dfsg-6
From: [email protected]+dfsg-6

✗ Low severity vulnerability found in tar
Description: NULL Pointer Dereference
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203
Introduced through: [email protected]+dfsg-6
From: [email protected]+dfsg-6

✗ Low severity vulnerability found in tar
Description: CVE-2023-39804
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423
Introduced through: [email protected]+dfsg-6
From: [email protected]+dfsg-6
Fixed in: 1.30+dfsg-6+deb10u1

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Authentication Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Privilege Chaining
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Incorrect Privilege Assignment
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Missing Release of Resource after Effective Lifetime
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Validation of Integrity Check Value
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Validation of Integrity Check Value
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Validation of Integrity Check Value
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: CVE-2023-7008
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: CVE-2023-50868
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Time-of-check Time-of-use (TOCTOU)
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205
Introduced through: shadow/passwd@1:4.5-1.1, [email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
From: shadow/passwd@1:4.5-1.1
From: [email protected] > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230
Introduced through: shadow/passwd@1:4.5-1.1, [email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
From: shadow/passwd@1:4.5-1.1
From: [email protected] > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Access Restriction Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250
Introduced through: shadow/passwd@1:4.5-1.1, [email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
From: shadow/passwd@1:4.5-1.1
From: [email protected] > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852
Introduced through: shadow/passwd@1:4.5-1.1, [email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
From: shadow/passwd@1:4.5-1.1
From: [email protected] > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Arbitrary Code Injection
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925
Introduced through: shadow/passwd@1:4.5-1.1, [email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
From: shadow/passwd@1:4.5-1.1
From: [email protected] > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Improper Authentication
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153
Introduced through: shadow/passwd@1:4.5-1.1, [email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
From: shadow/passwd@1:4.5-1.1
From: [email protected] > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980
Introduced through: perl/[email protected]+deb10u1
From: perl/[email protected]+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793
Introduced through: perl/[email protected]+deb10u1
From: perl/[email protected]+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Certificate Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186
Introduced through: perl/[email protected]+deb10u1
From: perl/[email protected]+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Certificate Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188
Introduced through: perl/[email protected]+deb10u1
From: perl/[email protected]+deb10u1

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pam/libpam0g
Description: CVE-2024-22365
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916
Introduced through: pam/[email protected], shadow/login@1:4.5-1.1, util-linux/[email protected], [email protected], pam/[email protected], pam/[email protected], pam/[email protected]
From: pam/[email protected]
From: shadow/login@1:4.5-1.1 > pam/[email protected]
From: util-linux/[email protected] > [email protected] > pam/[email protected]
and 11 more...

✗ Low severity vulnerability found in ncurses/libtinfo6
Description: CVE-2023-50495
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819
Introduced through: ncurses/[email protected]+20181013-2+deb10u3, [email protected], ncurses/[email protected]+20181013-2+deb10u3, util-linux/[email protected], util-linux/[email protected], ncurses/[email protected]+20181013-2+deb10u3, ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3
From: [email protected] > ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3 > ncurses/[email protected]+20181013-2+deb10u3
and 7 more...

✗ Low severity vulnerability found in ncurses/libtinfo6
Description: CVE-2023-45918
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772
Introduced through: ncurses/[email protected]+20181013-2+deb10u3, [email protected], ncurses/[email protected]+20181013-2+deb10u3, util-linux/[email protected], util-linux/[email protected], ncurses/[email protected]+20181013-2+deb10u3, ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3
From: [email protected] > ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3 > ncurses/[email protected]+20181013-2+deb10u3
and 7 more...

✗ Low severity vulnerability found in lz4/liblz4-1
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072
Introduced through: lz4/[email protected]+deb10u1, [email protected]
From: lz4/[email protected]+deb10u1
From: [email protected] > apt/[email protected] > lz4/[email protected]+deb10u1
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8 > lz4/[email protected]+deb10u1

✗ Low severity vulnerability found in libtasn1-6
Description: CVE-2018-1000654
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585
Introduced through: [email protected], [email protected]
From: [email protected]
From: [email protected] > gnutls28/[email protected]+deb10u9 > [email protected]

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628
Introduced through: libsepol/[email protected], [email protected]
From: libsepol/[email protected]
From: [email protected] > shadow/passwd@1:4.5-1.1 > libsemanage/[email protected] > libsepol/[email protected]

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630
Introduced through: libsepol/[email protected], [email protected]
From: libsepol/[email protected]
From: [email protected] > shadow/passwd@1:4.5-1.1 > libsemanage/[email protected] > libsepol/[email protected]

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636
Introduced through: libsepol/[email protected], [email protected]
From: libsepol/[email protected]
From: [email protected] > shadow/passwd@1:4.5-1.1 > libsemanage/[email protected] > libsepol/[email protected]

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642
Introduced through: libsepol/[email protected], [email protected]
From: libsepol/[email protected]
From: [email protected] > shadow/passwd@1:4.5-1.1 > libsemanage/[email protected] > libsepol/[email protected]

✗ Low severity vulnerability found in libseccomp/libseccomp2
Description: CVE-2019-9893
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044
Introduced through: libseccomp/[email protected], [email protected]
From: libseccomp/[email protected]
From: [email protected] > libseccomp/[email protected]

✗ Low severity vulnerability found in libidn2/libidn2-0
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100
Introduced through: libidn2/[email protected]+deb10u1, [email protected]
From: libidn2/[email protected]+deb10u1
From: [email protected] > gnutls28/[email protected]+deb10u9 > libidn2/[email protected]+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893
Introduced through: [email protected]+deb10u1, [email protected]
From: [email protected]+deb10u1
From: [email protected] > gnupg2/[email protected]+deb10u2 > [email protected]+deb10u1
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8 > [email protected]+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902
Introduced through: [email protected]+deb10u1, [email protected]
From: [email protected]+deb10u1
From: [email protected] > gnupg2/[email protected]+deb10u2 > [email protected]+deb10u1
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8 > [email protected]+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Race Condition
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489
Introduced through: [email protected]+deb10u1, [email protected]
From: [email protected]+deb10u1
From: [email protected] > gnupg2/[email protected]+deb10u2 > [email protected]+deb10u1
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8 > [email protected]+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988
Introduced through: [email protected]+deb10u1, [email protected]
From: [email protected]+deb10u1
From: [email protected] > gnupg2/[email protected]+deb10u2 > [email protected]+deb10u1
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8 > [email protected]+deb10u1

✗ Low severity vulnerability found in gnutls28/libgnutls30
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755
Introduced through: gnutls28/[email protected]+deb10u9, [email protected]
From: gnutls28/[email protected]+deb10u9
From: [email protected] > gnutls28/[email protected]+deb10u9

✗ Low severity vulnerability found in gnupg2/gpgv
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746
Introduced through: gnupg2/[email protected]+deb10u2, [email protected]
From: gnupg2/[email protected]+deb10u2
From: [email protected] > gnupg2/[email protected]+deb10u2

✗ Low severity vulnerability found in gnupg2/gpgv
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553
Introduced through: gnupg2/[email protected]+deb10u2, [email protected]
From: gnupg2/[email protected]+deb10u2
From: [email protected] > gnupg2/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Resource Management Errors
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: CVE-2019-1010023
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use of Insufficiently Random Values
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ Low severity vulnerability found in gcc-8/libstdc++6
Description: Insufficient Entropy
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413
Introduced through: gcc-8/[email protected], [email protected], gcc-8/[email protected], gcc-8/libgcc1@1:8.3.0-6
From: gcc-8/[email protected]
From: [email protected] > gcc-8/[email protected]
From: [email protected] > apt/[email protected] > gcc-8/[email protected]
and 2 more...

✗ Low severity vulnerability found in gcc-8/libstdc++6
Description: CVE-2023-4039
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315
Introduced through: gcc-8/[email protected], [email protected], gcc-8/[email protected], gcc-8/libgcc1@1:8.3.0-6
From: gcc-8/[email protected]
From: [email protected] > gcc-8/[email protected]
From: [email protected] > apt/[email protected] > gcc-8/[email protected]
and 2 more...

✗ Low severity vulnerability found in e2fsprogs/libcom-err2
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482
Introduced through: e2fsprogs/[email protected]+deb10u3, [email protected]+deb10u3, e2fsprogs/[email protected]+deb10u3, e2fsprogs/[email protected]+deb10u3
From: e2fsprogs/[email protected]+deb10u3
From: [email protected]+deb10u3 > e2fsprogs/[email protected]+deb10u3
From: [email protected]+deb10u3 > e2fsprogs/[email protected]+deb10u3 > e2fsprogs/[email protected]+deb10u3
and 5 more...

✗ Low severity vulnerability found in coreutils
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465
Introduced through: [email protected]
From: [email protected]

✗ Low severity vulnerability found in coreutils
Description: Race Condition
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494
Introduced through: [email protected]
From: [email protected]

✗ Low severity vulnerability found in bash
Description: Improper Check for Dropped Privileges
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280
Introduced through: [email protected]
From: [email protected]

✗ Low severity vulnerability found in apt/libapt-pkg5.0
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502
Introduced through: apt/[email protected], [email protected]
From: apt/[email protected]
From: [email protected] > apt/[email protected]
From: [email protected]

✗ Medium severity vulnerability found in systemd/libsystemd0
Description: Off-by-one Error
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7deb10u8
and 4 more...
Fixed in: 241-7
deb10u10

✗ Medium severity vulnerability found in systemd/libsystemd0
Description: CVE-2022-4415
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Medium severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705
Introduced through: ncurses/[email protected]+20181013-2+deb10u3, [email protected], ncurses/[email protected]+20181013-2+deb10u3, util-linux/[email protected], util-linux/[email protected], ncurses/[email protected]+20181013-2+deb10u3, ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3
From: [email protected] > ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3 > ncurses/[email protected]+20181013-2+deb10u3
and 7 more...
Fixed in: 6.1+20181013-2+deb10u4

✗ Medium severity vulnerability found in gnutls28/libgnutls30
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099
Introduced through: gnutls28/[email protected]+deb10u9, [email protected]
From: gnutls28/[email protected]+deb10u9
From: [email protected] > gnutls28/[email protected]+deb10u9
Fixed in: 3.6.7-4+deb10u11

✗ High severity vulnerability found in systemd/libsystemd0
Description: CVE-2023-26604
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7deb10u8
and 4 more...
Fixed in: 241-7
deb10u9

✗ High severity vulnerability found in systemd/libsystemd0
Description: Allocation of Resources Without Limits or Throttling
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513
Introduced through: systemd/libsystemd0@241-7deb10u8, util-linux/bsdutils@1:2.33.1-0.1, [email protected], util-linux/[email protected], systemd/libudev1@241-7deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7
deb10u8
From: [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ High severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739
Introduced through: ncurses/[email protected]+20181013-2+deb10u3, [email protected], ncurses/[email protected]+20181013-2+deb10u3, util-linux/[email protected], util-linux/[email protected], ncurses/[email protected]+20181013-2+deb10u3, ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3
From: [email protected] > ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3 > ncurses/[email protected]+20181013-2+deb10u3
and 7 more...
Fixed in: 6.1+20181013-2+deb10u5

✗ High severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196
Introduced through: ncurses/[email protected]+20181013-2+deb10u3, [email protected], ncurses/[email protected]+20181013-2+deb10u3, util-linux/[email protected], util-linux/[email protected], ncurses/[email protected]+20181013-2+deb10u3, ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3
From: [email protected] > ncurses/[email protected]+20181013-2+deb10u3
From: ncurses/[email protected]+20181013-2+deb10u3 > ncurses/[email protected]+20181013-2+deb10u3
and 7 more...
Fixed in: 6.1+20181013-2+deb10u5

✗ High severity vulnerability found in gnutls28/libgnutls30
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300
Introduced through: gnutls28/[email protected]+deb10u9, [email protected]
From: gnutls28/[email protected]+deb10u9
From: [email protected] > gnutls28/[email protected]+deb10u9
Fixed in: 3.6.7-4+deb10u10

✗ High severity vulnerability found in gnutls28/libgnutls30
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414
Introduced through: gnutls28/[email protected]+deb10u9, [email protected]
From: gnutls28/[email protected]+deb10u9
From: [email protected] > gnutls28/[email protected]+deb10u9
Fixed in: 3.6.7-4+deb10u12

✗ High severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488
Introduced through: glibc/[email protected]+deb10u2, glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2
From: glibc/[email protected]+deb10u2

✗ High severity vulnerability found in gcc-8/libstdc++6
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558
Introduced through: gcc-8/[email protected], [email protected], gcc-8/[email protected], gcc-8/libgcc1@1:8.3.0-6
From: gcc-8/[email protected]
From: [email protected] > gcc-8/[email protected]
From: [email protected] > apt/[email protected] > gcc-8/[email protected]
and 2 more...

✗ Critical severity vulnerability found in zlib/zlib1g
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964
Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2
From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2

✗ Critical severity vulnerability found in libtasn1-6
Description: Off-by-one Error
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094
Introduced through: [email protected], [email protected]
From: [email protected]
From: [email protected] > gnutls28/[email protected]+deb10u9 > [email protected]
Fixed in: 4.13-3+deb10u1

✗ Critical severity vulnerability found in db5.3/libdb5.3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169
Introduced through: db5.3/[email protected]+dfsg1-0.5, [email protected]
From: db5.3/[email protected]+dfsg1-0.5
From: [email protected] > shadow/passwd@1:4.5-1.1 > pam/[email protected] > db5.3/[email protected]+dfsg1-0.5

------------ Detected 34 vulnerabilities for [email protected] ------------

✗ Low severity vulnerability found in node
Description: Improper Certificate Validation
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Low severity vulnerability found in node
Description: Improper Certificate Validation
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Low severity vulnerability found in node
Description: Insecure Randomness
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Low severity vulnerability found in node
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.18.2

✗ Low severity vulnerability found in node
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.18.2

✗ Low severity vulnerability found in node
Description: Permissive Cross-domain Policy with Untrusted Domains
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.19.1, 20.11.1, 21.6.2

✗ Medium severity vulnerability found in node
Description: Timing Attack
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Privilege Escalation
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: HTTP Request Smuggling
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Inconsistency Between Implementation and Documented Design
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Buffer Over-read
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Insecure Randomness
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Buffer Underwrite (Buffer Underflow)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Privilege Escalation
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Improper Access Control
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.17.1

✗ Medium severity vulnerability found in node
Description: Access Restriction Bypass
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.17.1

✗ Medium severity vulnerability found in node
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.18.2

✗ Medium severity vulnerability found in node
Description: Observable Timing Discrepancy
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.19.1, 20.11.1, 21.6.2

✗ High severity vulnerability found in node
Description: Insecure Permissions
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ High severity vulnerability found in node
Description: Access of Resource Using Incompatible Type ('Type Confusion')
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ High severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ High severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.14.1

✗ High severity vulnerability found in node
Description: Prototype Pollution
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ High severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.16.1

✗ High severity vulnerability found in node
Description: Arbitrary Code Injection
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.17.1

✗ High severity vulnerability found in node
Description: Allocation of Resources Without Limits or Throttling
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.19.1, 20.11.1, 21.6.2

✗ High severity vulnerability found in node
Description: Code Injection
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332
Introduced through: [email protected]
From: [email protected]
Fixed in: 18.19.1, 20.11.1, 21.6.2

Organization: tubone24
Package manager: deb
Project name: docker-image|test-blog
Docker image: test-blog
Platform: linux/amd64
Base image: node:18.12.1-buster-slim
Licenses: enabled

Tested 85 dependencies for known issues, found 117 issues.

Base Image Vulnerabilities Severity
node:18.12.1-buster-slim 117 3 critical, 17 high, 23 medium, 74 low

Recommendations for base image upgrade:

Minor upgrades
Base Image Vulnerabilities Severity
node:18.19.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low

Major upgrades
Base Image Vulnerabilities Severity
node:20.11.1-buster-slim 73 2 critical, 3 high, 1 medium, 67 low

Alternative image types
Base Image Vulnerabilities Severity
node:21.7.0-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low
node:21.7.0-bullseye-slim 66 1 critical, 1 high, 0 medium, 64 low
node:lts-bookworm 170 1 critical, 3 high, 1 medium, 165 low
node:20.11.0-slim 43 1 critical, 5 high, 3 medium, 34 low

Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection

github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
Copy link
Contributor

Memlab leaks report

page-load [7.4MB] (baseline) [s1] > action-on-page [8.3MB] (target) [s2] > revert [9.3MB] (final) [s3]  
------2 clusters------

--Similar leaks in this run: 1634--
--Retained size of leaked objects: 172.6KB--
[<synthetic>] (synthetic) @1 [10.5MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @6257 [60.7KB]
  --setTimeout (property)--->  [<closure>] (closure) @48025 [72 bytes]
  --context (internal)--->  [<function scope>] (object) @262887 [20 bytes]
  --previous (internal)--->  [<function scope>] (object) @110001 [36KB]
  --n (variable)--->  [t] (closure) @259049 [1.3KB]
  --context (internal)--->  [<function scope>] (object) @164741 [43.5KB]
  --n (variable)--->  [Object] (object) @259047 [43.4KB]
  --449 (element)--->  [Object] (object) @268123 [24 bytes]
  --exports (property)--->  [r] (closure) @145127 [2.7KB]
  --hasData (property)--->  [<closure>] (closure) @230261 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @230257 [1.5KB]
  --e (variable)--->  [Object] (object) @268783 [1KB]
  --2 (element)--->  [Object] (object) @336951 [76 bytes]
  --aaAutocomplete (property)--->  [f] (object) @392547 [348 bytes]
  --$node (property)--->  [q] (object) @392711 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @333303 [676 bytes]
  --7 (element)--->  [Detached HTMLDivElement] (native) @333653 [5.7KB]
  --7 (element)--->  [Detached HTMLDivElement] (native) @334071 [444 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @333681 [444 bytes]
  --6 (element)--->  [Detached HTMLAnchorElement] (native) @333375 [2.5KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @333389 [2.5KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @333403 [2.5KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @333417 [2.5KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @333431 [2.5KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @333445 [2.5KB]
  --13 (element)--->  [Detached InternalNode] (native) @30538 [488 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @33576 [432 bytes]
  --4 (element)--->  [Detached ElementIntersectionObserverData] (native) @33584 [72 bytes]

--Similar leaks in this run: 479--
--Retained size of leaked objects: 50.2KB--
[<synthetic>] (synthetic) @1 [10.5MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @6257 [60.7KB]
  --___replace (property)--->  [<closure>] (closure) @48361 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @307817 [748 bytes]
  --a (variable)--->  [Module] (object) @145289 [6.3KB]
  --get version (property)--->  [version] (closure) @168581 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @144965 [6.5KB]
  --Qn (variable)--->  [y] (object) @409819 [368 bytes]
  --props (property)--->  [Object] (object) @440883 [28 bytes]
  --children (property)--->  [Object] (object) @440885 [296 bytes]
  --props (property)--->  [Object] (object) @442949 [56 bytes]
  --children (property)--->  [Object] (object) @410495 [1.2KB]
  --__ (property)--->  [Object] (object) @414973 [1.1KB]
  --__ (property)--->  [Object] (object) @414991 [940 bytes]
  --__ (property)--->  [Object] (object) @415001 [736 bytes]
  --__d (property)--->  [Detached HTMLDivElement] (native) @334113 [468 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @334111 [384 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @334109 [384 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @333341 [15KB]
  --6 (element)--->  [Detached HTMLAnchorElement] (native) @333309 [2KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @333315 [2.2KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @333321 [2.9KB]
  --13 (element)--->  [Detached InternalNode] (native) @30080 [856 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @30072 [800 bytes]
  --3 (element)--->  [Detached InternalNode] (native) @30078 [704 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @40508 [704 bytes]
  --5 (element)--->  [Detached Attr] (native) @33778 [88 bytes]

Copy link
Contributor

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...

Netlify Build
────────────────────────────────────────────────────────────────

❯ Version
@netlify/build 29.36.1

❯ Flags
auth: TTs786GkKycSkoas9uwxVwTtamK0txQzpvHwXleU3OQ
deployId: 65f485eaa4d56508356a2eb2
dir: ./public
functions: ./functions/src
open: false
prod: false
prodIfUnlocked: false
site: 3751ef40-b145-4249-9657-39d3fb04ae81
skipFunctionsCache: false

❯ Current directory
/home/runner/work/blog/blog

❯ Config file
/home/runner/work/blog/blog/netlify.toml

❯ Context
dev

Build logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/65f485eaa4d56508356a2eb2
Function logs: https://app.netlify.com/sites/pensive-lamport-5822d2/functions?scope=deploy:65f485eaa4d56508356a2eb2
Website draft URL: https://65f485eaa4d56508356a2eb2--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

Copy link
Contributor

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...

Netlify Build
────────────────────────────────────────────────────────────────

❯ Version
@netlify/build 29.36.1

❯ Flags
auth: EPJJ6iiVJKf1WzATp10YTzbujNbkSqWDiVl-3kCXA-Y
deployId: 65f4861fba0342031821c290
dir: ./storybook-static
open: false
prod: false
prodIfUnlocked: false
site: 905285ac-8339-48d2-86d8-8d639370a095
skipFunctionsCache: false

❯ Current directory
/home/runner/work/blog/blog

❯ Config file
/home/runner/work/blog/blog/netlify.toml

❯ Context
dev

Build logs: https://app.netlify.com/sites/blog-storybook/deploys/65f4861fba0342031821c290
Function logs: https://app.netlify.com/sites/blog-storybook/functions?scope=deploy:65f4861fba0342031821c290
Website draft URL: https://65f4861fba0342031821c290--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

Copy link
Contributor

github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
github-actions bot pushed a commit that referenced this pull request Mar 15, 2024
Copy link
Contributor

Lighthouse Score

Desktop

performance: 97
accessibility: 100
best-practices: 100
seo: 92
pwa: 100

Mobile

performance: 80
accessibility: 100
best-practices: 96
seo: 93
pwa: 100

@tubone24 tubone24 merged commit 4b60e43 into master Mar 15, 2024
34 checks passed
@tubone24 tubone24 deleted the ogp branch March 15, 2024 17:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants