Security Vulnerabilities Reported by Mend Bolt #318

@lgadzhev

Please fix these vulnerabilities by updating or replacing the affected libraries.


Vulnerable Library - path-to-regexp-6.2.1.tgz
Express style path to RegExp utility

Library home page: https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.1.tgz

Path to dependency file: /wp-content/plugins/jwt-authentication-for-wp-rest-api/admin/ui/package.json

Path to vulnerable library: /wp-content/plugins/jwt-authentication-for-wp-rest-api/admin/ui/package.json

Dependency Hierarchy:

components-25.7.0.tgz (Root Library)
  ❌ path-to-regexp-6.2.1.tgz (Vulnerable Library)

Found in HEAD commit: 6477390ebed2bdcf8affaeb0b720e0153dfc447d

Found in base branch: main


Vulnerable Library - ws-7.5.9.tgz
Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js

Library home page: https://registry.npmjs.org/ws/-/ws-7.5.9.tgz

Path to dependency file: /wp-content/plugins/jwt-authentication-for-wp-rest-api/admin/ui/package.json

Path to vulnerable library: /wp-content/plugins/jwt-authentication-for-wp-rest-api/admin/ui/package.json

Dependency Hierarchy:

core-data-6.35.0.tgz (Root Library)
  sync-0.20.0.tgz
    y-webrtc-10.2.5.tgz
      ❌ ws-7.5.9.tgz (Vulnerable Library)

Found in HEAD commit: 6477390ebed2bdcf8affaeb0b720e0153dfc447d

Found in base branch: main


Vulnerable Library - showdown-1.9.1.tgz
A Markdown to HTML converter written in Javascript

Library home page: https://registry.npmjs.org/showdown/-/showdown-1.9.1.tgz

Path to dependency file: /wp-content/plugins/jwt-authentication-for-wp-rest-api/admin/ui/package.json

Path to vulnerable library: /wp-content/plugins/jwt-authentication-for-wp-rest-api/admin/ui/package.json,/wp-content/plugins/dx-affiliate-slide-block/package.json,/wp-content/plugins/dx-social-slide-block/package.json

Dependency Hierarchy:

core-data-6.35.0.tgz (Root Library)
  blocks-12.35.0.tgz
    ❌ showdown-1.9.1.tgz (Vulnerable Library)

Found in HEAD commit: 6477390ebed2bdcf8affaeb0b720e0153dfc447d

Found in base branch: main


Vulnerable Library - postcss-8.4.29.tgz
Library home page: https://registry.npmjs.org/postcss/-/postcss-8.4.29.tgz

Path to dependency file: /wp-content/plugins/jwt-authentication-for-wp-rest-api/admin/ui/package.json

Path to vulnerable library: /wp-content/plugins/jwt-authentication-for-wp-rest-api/admin/ui/package.json

Dependency Hierarchy:

core-data-6.35.0.tgz (Root Library)
  block-editor-12.26.0.tgz
    ❌ postcss-8.4.29.tgz (Vulnerable Library)

Found in HEAD commit: 6477390ebed2bdcf8affaeb0b720e0153dfc447d

Found in base branch: main


Vulnerable Library - nanoid-3.3.6.tgz
Library home page: https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz

Path to dependency file: /wp-content/plugins/jwt-authentication-for-wp-rest-api/admin/ui/package.json

Path to vulnerable library: /wp-content/plugins/jwt-authentication-for-wp-rest-api/admin/ui/package.json

Dependency Hierarchy:

core-data-6.35.0.tgz (Root Library)
  block-editor-12.26.0.tgz
    postcss-8.4.29.tgz
      ❌ nanoid-3.3.6.tgz (Vulnerable Library)

Found in HEAD commit: 6477390ebed2bdcf8affaeb0b720e0153dfc447d

Found in base branch: main


Vulnerable Library - showdown-1.9.1.tgz
A Markdown to HTML converter written in Javascript

Library home page: https://registry.npmjs.org/showdown/-/showdown-1.9.1.tgz

Path to dependency file: /wp-content/plugins/jwt-authentication-for-wp-rest-api/admin/ui/package.json

Path to vulnerable library: /wp-content/plugins/jwt-authentication-for-wp-rest-api/admin/ui/package.json,/wp-content/plugins/dx-affiliate-slide-block/package.json,/wp-content/plugins/dx-social-slide-block/package.json

Dependency Hierarchy:

blocks-14.5.0.tgz (Root Library)
  ❌ showdown-1.9.1.tgz (Vulnerable Library)

Found in HEAD commit: 66ed1b9d8e35cf9ec132c9b6c10d21df8511378a

Found in base branch: main
