path-to-regexp used by ovirt-web-ui is affected by CVE-2024-45296 path-to-regexp outputs backtracking regular expressions
Dependabot fails to update the dependency with:
Dependabot cannot update path-to-regexp to a non-vulnerable version
The latest possible version that can be installed is 0.1.7 because of the following conflicting dependencies:
react-router@5.2.1 requires path-to-regexp@^1.7.0
react-router-dom@5.3.0 requires path-to-regexp@^1.7.0 via a transitive dependency on react-router@5.2.1
webpack-dev-server@4.8.1 requires path-to-regexp@0.1.7 via a transitive dependency on express@4.17.3
The earliest fixed version is 0.1.10.
VM Portal version number: 1.9.3
path-to-regexpused byovirt-web-uiis affected by CVE-2024-45296 path-to-regexp outputs backtracking regular expressionsDependabot fails to update the dependency with:
VM Portal version number: 1.9.3