mcp-audit-server 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (50) hide show
  1. package/PUBLISH_GUIDE.md +67 -0
  2. package/bin/cli.js +5 -0
  3. package/package.json +26 -0
  4. package/src/audit/currentAudit.js +50 -0
  5. package/src/audit/getDepChain.js +47 -0
  6. package/src/audit/index.js +28 -0
  7. package/src/audit/normalizeAuditResult.js +47 -0
  8. package/src/audit/npmAudit.js +10 -0
  9. package/src/audit/remoteAudit.js +24 -0
  10. package/src/audit/test/test-currentAudit.js +15 -0
  11. package/src/audit/test/test-getDepChain.js +13 -0
  12. package/src/audit/test/test-index.js +17 -0
  13. package/src/audit/test/test-normalizeAuditResult.js +18 -0
  14. package/src/audit/test/test-npmAudit.js +15 -0
  15. package/src/audit/test/test-remoteAudit.js +15 -0
  16. package/src/audit/test/workdir/audit.json +2130 -0
  17. package/src/audit/test/workdir/current.json +10 -0
  18. package/src/audit/test/workdir/index.json +2398 -0
  19. package/src/audit/test/workdir/normalized.json +2581 -0
  20. package/src/audit/test/workdir/package-lock.json +16137 -0
  21. package/src/audit/test/workdir/package.json +1 -0
  22. package/src/audit/test/workdir/remote.json +75 -0
  23. package/src/common/utils.js +35 -0
  24. package/src/entry/index.js +28 -0
  25. package/src/entry/test/result/result-local.md +1177 -0
  26. package/src/entry/test/result/result-remote.md +151 -0
  27. package/src/entry/test/test-index.js +15 -0
  28. package/src/generateLock/generateLock.js +27 -0
  29. package/src/generateLock/index.js +1 -0
  30. package/src/generateLock/test/1.json +1 -0
  31. package/src/generateLock/test/test.js +15 -0
  32. package/src/generateLock/test/workdir/package-lock.json +16137 -0
  33. package/src/generateLock/test/workdir/package.json +1 -0
  34. package/src/main/index.js +23 -0
  35. package/src/mcpServer.js +43 -0
  36. package/src/parseProject/index.js +18 -0
  37. package/src/parseProject/parseLocalProject.js +8 -0
  38. package/src/parseProject/parseRemoteProject.js +65 -0
  39. package/src/parseProject/test/test.js +26 -0
  40. package/src/render/index.js +24 -0
  41. package/src/render/markdown.js +17 -0
  42. package/src/render/template/audit.ejs +30 -0
  43. package/src/render/template/detail-item.ejs +32 -0
  44. package/src/render/template/detail.ejs +7 -0
  45. package/src/render/template/index.ejs +8 -0
  46. package/src/render/test/test-index.js +27 -0
  47. package/src/render/test/workdir/auditResult.json +2101 -0
  48. package/src/render/test/workdir/index.md +1221 -0
  49. package/src/render/test/workdir/package.json +38 -0
  50. package/src/workDir/index.js +21 -0
package/src/audit/test/workdir/audit.json ADDED
@@ -0,0 +1,2130 @@
1
+ {
2
+ "auditReportVersion": 2,
3
+ "vulnerabilities": {
4
+ "@intervolga/optimize-cssnano-plugin": {
5
+ "name": "@intervolga/optimize-cssnano-plugin",
6
+ "severity": "moderate",
7
+ "isDirect": false,
8
+ "via": [
9
+ "cssnano",
10
+ "cssnano-preset-default",
11
+ "postcss",
12
+ "webpack"
13
+ ],
14
+ "effects": [
15
+ "@vue/cli-service"
16
+ ],
17
+ "range": "*",
18
+ "nodes": [
19
+ "node_modules/@intervolga/optimize-cssnano-plugin"
20
+ ],
21
+ "fixAvailable": {
22
+ "name": "@vue/cli-plugin-babel",
23
+ "version": "5.0.8",
24
+ "isSemVerMajor": true
25
+ }
26
+ },
27
+ "@types/webpack-dev-server": {
28
+ "name": "@types/webpack-dev-server",
29
+ "severity": "high",
30
+ "isDirect": false,
31
+ "via": [
32
+ "http-proxy-middleware"
33
+ ],
34
+ "effects": [],
35
+ "range": "3.11.2 - 4.0.3",
36
+ "nodes": [
37
+ "node_modules/@types/webpack-dev-server"
38
+ ],
39
+ "fixAvailable": true
40
+ },
41
+ "@vue/cli-plugin-babel": {
42
+ "name": "@vue/cli-plugin-babel",
43
+ "severity": "moderate",
44
+ "isDirect": true,
45
+ "via": [
46
+ "@vue/cli-service",
47
+ "@vue/cli-shared-utils",
48
+ "cache-loader",
49
+ "webpack"
50
+ ],
51
+ "effects": [],
52
+ "range": ">=3.4.0",
53
+ "nodes": [
54
+ "node_modules/@vue/cli-plugin-babel"
55
+ ],
56
+ "fixAvailable": {
57
+ "name": "@vue/cli-plugin-babel",
58
+ "version": "5.0.8",
59
+ "isSemVerMajor": true
60
+ }
61
+ },
62
+ "@vue/cli-plugin-router": {
63
+ "name": "@vue/cli-plugin-router",
64
+ "severity": "moderate",
65
+ "isDirect": false,
66
+ "via": [
67
+ "@vue/cli-service",
68
+ "@vue/cli-shared-utils"
69
+ ],
70
+ "effects": [
71
+ "@vue/cli-service"
72
+ ],
73
+ "range": "*",
74
+ "nodes": [
75
+ "node_modules/@vue/cli-plugin-router"
76
+ ],
77
+ "fixAvailable": {
78
+ "name": "@vue/cli-plugin-babel",
79
+ "version": "5.0.8",
80
+ "isSemVerMajor": true
81
+ }
82
+ },
83
+ "@vue/cli-plugin-vuex": {
84
+ "name": "@vue/cli-plugin-vuex",
85
+ "severity": "moderate",
86
+ "isDirect": false,
87
+ "via": [
88
+ "@vue/cli-service"
89
+ ],
90
+ "effects": [
91
+ "@vue/cli-service"
92
+ ],
93
+ "range": "*",
94
+ "nodes": [
95
+ "node_modules/@vue/cli-plugin-vuex"
96
+ ],
97
+ "fixAvailable": {
98
+ "name": "@vue/cli-plugin-babel",
99
+ "version": "5.0.8",
100
+ "isSemVerMajor": true
101
+ }
102
+ },
103
+ "@vue/cli-service": {
104
+ "name": "@vue/cli-service",
105
+ "severity": "critical",
106
+ "isDirect": true,
107
+ "via": [
108
+ "@intervolga/optimize-cssnano-plugin",
109
+ "@vue/cli-plugin-router",
110
+ "@vue/cli-plugin-vuex",
111
+ "@vue/cli-shared-utils",
112
+ "@vue/component-compiler-utils",
113
+ "autoprefixer",
114
+ "cache-loader",
115
+ "css-loader",
116
+ "cssnano",
117
+ "file-loader",
118
+ "globby",
119
+ "html-webpack-plugin",
120
+ "mini-css-extract-plugin",
121
+ "postcss-loader",
122
+ "terser-webpack-plugin",
123
+ "url-loader",
124
+ "vue-loader",
125
+ "vue-template-compiler",
126
+ "webpack",
127
+ "webpack-bundle-analyzer",
128
+ "webpack-dev-server"
129
+ ],
130
+ "effects": [
131
+ "@vue/cli-plugin-babel",
132
+ "@vue/cli-plugin-router",
133
+ "@vue/cli-plugin-vuex"
134
+ ],
135
+ "range": "*",
136
+ "nodes": [
137
+ "node_modules/@vue/cli-service"
138
+ ],
139
+ "fixAvailable": {
140
+ "name": "@vue/cli-plugin-babel",
141
+ "version": "5.0.8",
142
+ "isSemVerMajor": true
143
+ }
144
+ },
145
+ "@vue/cli-shared-utils": {
146
+ "name": "@vue/cli-shared-utils",
147
+ "severity": "moderate",
148
+ "isDirect": false,
149
+ "via": [
150
+ "request"
151
+ ],
152
+ "effects": [
153
+ "@vue/cli-plugin-router"
154
+ ],
155
+ "range": "<=4.5.19",
156
+ "nodes": [
157
+ "node_modules/@vue/cli-shared-utils"
158
+ ],
159
+ "fixAvailable": {
160
+ "name": "@vue/cli-plugin-babel",
161
+ "version": "5.0.8",
162
+ "isSemVerMajor": true
163
+ }
164
+ },
165
+ "@vue/component-compiler-utils": {
166
+ "name": "@vue/component-compiler-utils",
167
+ "severity": "moderate",
168
+ "isDirect": false,
169
+ "via": [
170
+ "postcss"
171
+ ],
172
+ "effects": [
173
+ "@vue/cli-service",
174
+ "vue-loader"
175
+ ],
176
+ "range": "*",
177
+ "nodes": [
178
+ "node_modules/@vue/component-compiler-utils"
179
+ ],
180
+ "fixAvailable": {
181
+ "name": "@vue/cli-plugin-babel",
182
+ "version": "5.0.8",
183
+ "isSemVerMajor": true
184
+ }
185
+ },
186
+ "anymatch": {
187
+ "name": "anymatch",
188
+ "severity": "moderate",
189
+ "isDirect": false,
190
+ "via": [
191
+ "micromatch"
192
+ ],
193
+ "effects": [
194
+ "chokidar"
195
+ ],
196
+ "range": "1.2.0 - 2.0.0",
197
+ "nodes": [
198
+ "node_modules/watchpack-chokidar2/node_modules/anymatch",
199
+ "node_modules/webpack-dev-server/node_modules/anymatch"
200
+ ],
201
+ "fixAvailable": {
202
+ "name": "@vue/cli-plugin-babel",
203
+ "version": "5.0.8",
204
+ "isSemVerMajor": true
205
+ }
206
+ },
207
+ "autoprefixer": {
208
+ "name": "autoprefixer",
209
+ "severity": "moderate",
210
+ "isDirect": false,
211
+ "via": [
212
+ "postcss"
213
+ ],
214
+ "effects": [],
215
+ "range": "1.0.20131222 - 9.8.8",
216
+ "nodes": [
217
+ "node_modules/autoprefixer"
218
+ ],
219
+ "fixAvailable": true
220
+ },
221
+ "axios": {
222
+ "name": "axios",
223
+ "severity": "high",
224
+ "isDirect": true,
225
+ "via": [
226
+ {
227
+ "source": 1097679,
228
+ "name": "axios",
229
+ "dependency": "axios",
230
+ "title": "Axios Cross-Site Request Forgery Vulnerability",
231
+ "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
232
+ "severity": "moderate",
233
+ "cwe": [
234
+ "CWE-352"
235
+ ],
236
+ "cvss": {
237
+ "score": 6.5,
238
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
239
+ },
240
+ "range": ">=0.8.1 <0.28.0"
241
+ },
242
+ {
243
+ "source": 1103617,
244
+ "name": "axios",
245
+ "dependency": "axios",
246
+ "title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
247
+ "url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
248
+ "severity": "high",
249
+ "cwe": [
250
+ "CWE-918"
251
+ ],
252
+ "cvss": {
253
+ "score": 0,
254
+ "vectorString": null
255
+ },
256
+ "range": "<0.30.0"
257
+ }
258
+ ],
259
+ "effects": [],
260
+ "range": "<=0.29.0",
261
+ "nodes": [
262
+ "node_modules/axios"
263
+ ],
264
+ "fixAvailable": {
265
+ "name": "axios",
266
+ "version": "1.11.0",
267
+ "isSemVerMajor": true
268
+ }
269
+ },
270
+ "bonjour": {
271
+ "name": "bonjour",
272
+ "severity": "high",
273
+ "isDirect": false,
274
+ "via": [
275
+ "multicast-dns"
276
+ ],
277
+ "effects": [
278
+ "webpack-dev-server"
279
+ ],
280
+ "range": ">=3.3.1",
281
+ "nodes": [
282
+ "node_modules/bonjour"
283
+ ],
284
+ "fixAvailable": true
285
+ },
286
+ "braces": {
287
+ "name": "braces",
288
+ "severity": "high",
289
+ "isDirect": false,
290
+ "via": [
291
+ {
292
+ "source": 1098094,
293
+ "name": "braces",
294
+ "dependency": "braces",
295
+ "title": "Uncontrolled resource consumption in braces",
296
+ "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
297
+ "severity": "high",
298
+ "cwe": [
299
+ "CWE-400",
300
+ "CWE-1050"
301
+ ],
302
+ "cvss": {
303
+ "score": 7.5,
304
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
305
+ },
306
+ "range": "<3.0.3"
307
+ }
308
+ ],
309
+ "effects": [
310
+ "chokidar",
311
+ "micromatch"
312
+ ],
313
+ "range": "<3.0.3",
314
+ "nodes": [
315
+ "node_modules/braces"
316
+ ],
317
+ "fixAvailable": {
318
+ "name": "@vue/cli-plugin-babel",
319
+ "version": "5.0.8",
320
+ "isSemVerMajor": true
321
+ }
322
+ },
323
+ "cache-loader": {
324
+ "name": "cache-loader",
325
+ "severity": "moderate",
326
+ "isDirect": false,
327
+ "via": [
328
+ "webpack"
329
+ ],
330
+ "effects": [
331
+ "@vue/cli-plugin-babel",
332
+ "@vue/cli-service"
333
+ ],
334
+ "range": ">=2.0.0",
335
+ "nodes": [
336
+ "node_modules/cache-loader"
337
+ ],
338
+ "fixAvailable": {
339
+ "name": "@vue/cli-plugin-babel",
340
+ "version": "5.0.8",
341
+ "isSemVerMajor": true
342
+ }
343
+ },
344
+ "chokidar": {
345
+ "name": "chokidar",
346
+ "severity": "high",
347
+ "isDirect": false,
348
+ "via": [
349
+ "anymatch",
350
+ "braces",
351
+ "readdirp"
352
+ ],
353
+ "effects": [
354
+ "watchpack-chokidar2",
355
+ "webpack-dev-server"
356
+ ],
357
+ "range": "1.3.0 - 2.1.8",
358
+ "nodes": [
359
+ "node_modules/watchpack-chokidar2/node_modules/chokidar",
360
+ "node_modules/webpack-dev-server/node_modules/chokidar"
361
+ ],
362
+ "fixAvailable": {
363
+ "name": "@vue/cli-plugin-babel",
364
+ "version": "5.0.8",
365
+ "isSemVerMajor": true
366
+ }
367
+ },
368
+ "css-declaration-sorter": {
369
+ "name": "css-declaration-sorter",
370
+ "severity": "moderate",
371
+ "isDirect": false,
372
+ "via": [
373
+ "postcss"
374
+ ],
375
+ "effects": [],
376
+ "range": "<=5.1.2",
377
+ "nodes": [
378
+ "node_modules/css-declaration-sorter"
379
+ ],
380
+ "fixAvailable": true
381
+ },
382
+ "css-loader": {
383
+ "name": "css-loader",
384
+ "severity": "moderate",
385
+ "isDirect": false,
386
+ "via": [
387
+ "icss-utils",
388
+ "postcss",
389
+ "postcss-modules-extract-imports",
390
+ "postcss-modules-local-by-default",
391
+ "postcss-modules-scope",
392
+ "postcss-modules-values"
393
+ ],
394
+ "effects": [
395
+ "@vue/cli-service"
396
+ ],
397
+ "range": "0.15.0 - 4.3.0",
398
+ "nodes": [
399
+ "node_modules/css-loader"
400
+ ],
401
+ "fixAvailable": {
402
+ "name": "@vue/cli-plugin-babel",
403
+ "version": "5.0.8",
404
+ "isSemVerMajor": true
405
+ }
406
+ },
407
+ "css-select": {
408
+ "name": "css-select",
409
+ "severity": "high",
410
+ "isDirect": false,
411
+ "via": [
412
+ "nth-check"
413
+ ],
414
+ "effects": [
415
+ "svgo"
416
+ ],
417
+ "range": "<=3.1.0",
418
+ "nodes": [
419
+ "node_modules/svgo/node_modules/css-select"
420
+ ],
421
+ "fixAvailable": true
422
+ },
423
+ "cssnano": {
424
+ "name": "cssnano",
425
+ "severity": "moderate",
426
+ "isDirect": false,
427
+ "via": [
428
+ "cssnano-preset-default",
429
+ "postcss"
430
+ ],
431
+ "effects": [
432
+ "@intervolga/optimize-cssnano-plugin",
433
+ "@vue/cli-service"
434
+ ],
435
+ "range": "<=4.1.11",
436
+ "nodes": [
437
+ "node_modules/cssnano"
438
+ ],
439
+ "fixAvailable": {
440
+ "name": "@vue/cli-plugin-babel",
441
+ "version": "5.0.8",
442
+ "isSemVerMajor": true
443
+ }
444
+ },
445
+ "cssnano-preset-default": {
446
+ "name": "cssnano-preset-default",
447
+ "severity": "moderate",
448
+ "isDirect": false,
449
+ "via": [
450
+ "css-declaration-sorter",
451
+ "cssnano-util-raw-cache",
452
+ "postcss",
453
+ "postcss-calc",
454
+ "postcss-colormin",
455
+ "postcss-convert-values",
456
+ "postcss-discard-comments",
457
+ "postcss-discard-duplicates",
458
+ "postcss-discard-empty",
459
+ "postcss-discard-overridden",
460
+ "postcss-merge-longhand",
461
+ "postcss-merge-rules",
462
+ "postcss-minify-font-values",
463
+ "postcss-minify-gradients",
464
+ "postcss-minify-params",
465
+ "postcss-minify-selectors",
466
+ "postcss-normalize-charset",
467
+ "postcss-normalize-display-values",
468
+ "postcss-normalize-positions",
469
+ "postcss-normalize-repeat-style",
470
+ "postcss-normalize-string",
471
+ "postcss-normalize-timing-functions",
472
+ "postcss-normalize-unicode",
473
+ "postcss-normalize-url",
474
+ "postcss-normalize-whitespace",
475
+ "postcss-ordered-values",
476
+ "postcss-reduce-initial",
477
+ "postcss-reduce-transforms",
478
+ "postcss-svgo",
479
+ "postcss-unique-selectors"
480
+ ],
481
+ "effects": [
482
+ "cssnano"
483
+ ],
484
+ "range": "<=4.0.8",
485
+ "nodes": [
486
+ "node_modules/cssnano-preset-default"
487
+ ],
488
+ "fixAvailable": {
489
+ "name": "@vue/cli-plugin-babel",
490
+ "version": "5.0.8",
491
+ "isSemVerMajor": true
492
+ }
493
+ },
494
+ "cssnano-util-raw-cache": {
495
+ "name": "cssnano-util-raw-cache",
496
+ "severity": "moderate",
497
+ "isDirect": false,
498
+ "via": [
499
+ "postcss"
500
+ ],
501
+ "effects": [],
502
+ "range": "*",
503
+ "nodes": [
504
+ "node_modules/cssnano-util-raw-cache"
505
+ ],
506
+ "fixAvailable": true
507
+ },
508
+ "dns-packet": {
509
+ "name": "dns-packet",
510
+ "severity": "high",
511
+ "isDirect": false,
512
+ "via": [
513
+ "ip"
514
+ ],
515
+ "effects": [
516
+ "multicast-dns"
517
+ ],
518
+ "range": "<=5.2.4",
519
+ "nodes": [
520
+ "node_modules/dns-packet"
521
+ ],
522
+ "fixAvailable": true
523
+ },
524
+ "ejs": {
525
+ "name": "ejs",
526
+ "severity": "critical",
527
+ "isDirect": false,
528
+ "via": [
529
+ {
530
+ "source": 1089270,
531
+ "name": "ejs",
532
+ "dependency": "ejs",
533
+ "title": "ejs template injection vulnerability",
534
+ "url": "https://github.com/advisories/GHSA-phwq-j96m-2c2q",
535
+ "severity": "critical",
536
+ "cwe": [
537
+ "CWE-74"
538
+ ],
539
+ "cvss": {
540
+ "score": 9.8,
541
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
542
+ },
543
+ "range": "<3.1.7"
544
+ },
545
+ {
546
+ "source": 1098366,
547
+ "name": "ejs",
548
+ "dependency": "ejs",
549
+ "title": "ejs lacks certain pollution protection",
550
+ "url": "https://github.com/advisories/GHSA-ghr5-ch3p-vcr6",
551
+ "severity": "moderate",
552
+ "cwe": [
553
+ "CWE-693",
554
+ "CWE-1321"
555
+ ],
556
+ "cvss": {
557
+ "score": 4,
558
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
559
+ },
560
+ "range": "<3.1.10"
561
+ }
562
+ ],
563
+ "effects": [
564
+ "webpack-bundle-analyzer"
565
+ ],
566
+ "range": "<=3.1.9",
567
+ "nodes": [
568
+ "node_modules/ejs"
569
+ ],
570
+ "fixAvailable": true
571
+ },
572
+ "fast-glob": {
573
+ "name": "fast-glob",
574
+ "severity": "moderate",
575
+ "isDirect": false,
576
+ "via": [
577
+ "micromatch"
578
+ ],
579
+ "effects": [
580
+ "globby"
581
+ ],
582
+ "range": "<=2.2.7",
583
+ "nodes": [
584
+ "node_modules/fast-glob"
585
+ ],
586
+ "fixAvailable": true
587
+ },
588
+ "file-loader": {
589
+ "name": "file-loader",
590
+ "severity": "moderate",
591
+ "isDirect": false,
592
+ "via": [
593
+ "webpack"
594
+ ],
595
+ "effects": [
596
+ "@vue/cli-service"
597
+ ],
598
+ "range": "3.0.0 - 4.3.0",
599
+ "nodes": [
600
+ "node_modules/file-loader"
601
+ ],
602
+ "fixAvailable": {
603
+ "name": "@vue/cli-plugin-babel",
604
+ "version": "5.0.8",
605
+ "isSemVerMajor": true
606
+ }
607
+ },
608
+ "form-data": {
609
+ "name": "form-data",
610
+ "severity": "critical",
611
+ "isDirect": false,
612
+ "via": [
613
+ {
614
+ "source": 1106509,
615
+ "name": "form-data",
616
+ "dependency": "form-data",
617
+ "title": "form-data uses unsafe random function in form-data for choosing boundary",
618
+ "url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
619
+ "severity": "critical",
620
+ "cwe": [
621
+ "CWE-330"
622
+ ],
623
+ "cvss": {
624
+ "score": 0,
625
+ "vectorString": null
626
+ },
627
+ "range": "<2.5.4"
628
+ }
629
+ ],
630
+ "effects": [
631
+ "request"
632
+ ],
633
+ "range": "<2.5.4",
634
+ "nodes": [
635
+ "node_modules/form-data"
636
+ ],
637
+ "fixAvailable": {
638
+ "name": "@vue/cli-plugin-babel",
639
+ "version": "5.0.8",
640
+ "isSemVerMajor": true
641
+ }
642
+ },
643
+ "globby": {
644
+ "name": "globby",
645
+ "severity": "moderate",
646
+ "isDirect": false,
647
+ "via": [
648
+ "fast-glob"
649
+ ],
650
+ "effects": [],
651
+ "range": "8.0.0 - 9.2.0",
652
+ "nodes": [
653
+ "node_modules/globby"
654
+ ],
655
+ "fixAvailable": true
656
+ },
657
+ "html-minifier": {
658
+ "name": "html-minifier",
659
+ "severity": "high",
660
+ "isDirect": false,
661
+ "via": [
662
+ {
663
+ "source": 1105440,
664
+ "name": "html-minifier",
665
+ "dependency": "html-minifier",
666
+ "title": "kangax html-minifier REDoS vulnerability",
667
+ "url": "https://github.com/advisories/GHSA-pfq8-rq6v-vf5m",
668
+ "severity": "high",
669
+ "cwe": [
670
+ "CWE-400",
671
+ "CWE-1333"
672
+ ],
673
+ "cvss": {
674
+ "score": 7.5,
675
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
676
+ },
677
+ "range": "<=4.0.0"
678
+ }
679
+ ],
680
+ "effects": [
681
+ "html-webpack-plugin"
682
+ ],
683
+ "range": "*",
684
+ "nodes": [
685
+ "node_modules/html-minifier"
686
+ ],
687
+ "fixAvailable": true
688
+ },
689
+ "html-webpack-plugin": {
690
+ "name": "html-webpack-plugin",
691
+ "severity": "critical",
692
+ "isDirect": false,
693
+ "via": [
694
+ "html-minifier",
695
+ "loader-utils"
696
+ ],
697
+ "effects": [],
698
+ "range": "1.4.0 - 4.0.0-beta.14",
699
+ "nodes": [
700
+ "node_modules/html-webpack-plugin"
701
+ ],
702
+ "fixAvailable": true
703
+ },
704
+ "http-proxy-middleware": {
705
+ "name": "http-proxy-middleware",
706
+ "severity": "high",
707
+ "isDirect": false,
708
+ "via": [
709
+ {
710
+ "source": 1100223,
711
+ "name": "http-proxy-middleware",
712
+ "dependency": "http-proxy-middleware",
713
+ "title": "Denial of service in http-proxy-middleware",
714
+ "url": "https://github.com/advisories/GHSA-c7qv-q95q-8v27",
715
+ "severity": "high",
716
+ "cwe": [
717
+ "CWE-400"
718
+ ],
719
+ "cvss": {
720
+ "score": 7.5,
721
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
722
+ },
723
+ "range": "<2.0.7"
724
+ },
725
+ {
726
+ "source": 1104105,
727
+ "name": "http-proxy-middleware",
728
+ "dependency": "http-proxy-middleware",
729
+ "title": "http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed",
730
+ "url": "https://github.com/advisories/GHSA-9gqv-wp59-fq42",
731
+ "severity": "moderate",
732
+ "cwe": [
733
+ "CWE-754"
734
+ ],
735
+ "cvss": {
736
+ "score": 4,
737
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"
738
+ },
739
+ "range": ">=1.3.0 <2.0.9"
740
+ },
741
+ {
742
+ "source": 1104106,
743
+ "name": "http-proxy-middleware",
744
+ "dependency": "http-proxy-middleware",
745
+ "title": "http-proxy-middleware can call writeBody twice because \"else if\" is not used",
746
+ "url": "https://github.com/advisories/GHSA-4www-5p9h-95mh",
747
+ "severity": "moderate",
748
+ "cwe": [
749
+ "CWE-670"
750
+ ],
751
+ "cvss": {
752
+ "score": 4,
753
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"
754
+ },
755
+ "range": ">=1.3.0 <2.0.8"
756
+ },
757
+ "micromatch"
758
+ ],
759
+ "effects": [
760
+ "@types/webpack-dev-server",
761
+ "webpack-dev-server"
762
+ ],
763
+ "range": "<=2.0.8",
764
+ "nodes": [
765
+ "node_modules/http-proxy-middleware",
766
+ "node_modules/webpack-dev-server/node_modules/http-proxy-middleware"
767
+ ],
768
+ "fixAvailable": true
769
+ },
770
+ "icss-utils": {
771
+ "name": "icss-utils",
772
+ "severity": "moderate",
773
+ "isDirect": false,
774
+ "via": [
775
+ "postcss"
776
+ ],
777
+ "effects": [
778
+ "css-loader",
779
+ "postcss-modules-local-by-default",
780
+ "postcss-modules-values"
781
+ ],
782
+ "range": "<=4.1.1",
783
+ "nodes": [
784
+ "node_modules/icss-utils"
785
+ ],
786
+ "fixAvailable": {
787
+ "name": "@vue/cli-plugin-babel",
788
+ "version": "5.0.8",
789
+ "isSemVerMajor": true
790
+ }
791
+ },
792
+ "ip": {
793
+ "name": "ip",
794
+ "severity": "high",
795
+ "isDirect": false,
796
+ "via": [
797
+ {
798
+ "source": 1101851,
799
+ "name": "ip",
800
+ "dependency": "ip",
801
+ "title": "ip SSRF improper categorization in isPublic",
802
+ "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
803
+ "severity": "high",
804
+ "cwe": [
805
+ "CWE-918"
806
+ ],
807
+ "cvss": {
808
+ "score": 8.1,
809
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
810
+ },
811
+ "range": "<=2.0.1"
812
+ }
813
+ ],
814
+ "effects": [
815
+ "dns-packet",
816
+ "webpack-dev-server"
817
+ ],
818
+ "range": "*",
819
+ "nodes": [
820
+ "node_modules/ip"
821
+ ],
822
+ "fixAvailable": true
823
+ },
824
+ "json5": {
825
+ "name": "json5",
826
+ "severity": "high",
827
+ "isDirect": false,
828
+ "via": [
829
+ {
830
+ "source": 1096543,
831
+ "name": "json5",
832
+ "dependency": "json5",
833
+ "title": "Prototype Pollution in JSON5 via Parse Method",
834
+ "url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
835
+ "severity": "high",
836
+ "cwe": [
837
+ "CWE-1321"
838
+ ],
839
+ "cvss": {
840
+ "score": 7.1,
841
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
842
+ },
843
+ "range": "<1.0.2"
844
+ }
845
+ ],
846
+ "effects": [
847
+ "loader-utils"
848
+ ],
849
+ "range": "<1.0.2",
850
+ "nodes": [
851
+ "node_modules/html-webpack-plugin/node_modules/json5"
852
+ ],
853
+ "fixAvailable": true
854
+ },
855
+ "loader-utils": {
856
+ "name": "loader-utils",
857
+ "severity": "critical",
858
+ "isDirect": false,
859
+ "via": [
860
+ {
861
+ "source": 1094088,
862
+ "name": "loader-utils",
863
+ "dependency": "loader-utils",
864
+ "title": "Prototype pollution in webpack loader-utils",
865
+ "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
866
+ "severity": "critical",
867
+ "cwe": [
868
+ "CWE-1321"
869
+ ],
870
+ "cvss": {
871
+ "score": 9.8,
872
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
873
+ },
874
+ "range": "<1.4.1"
875
+ },
876
+ "json5"
877
+ ],
878
+ "effects": [
879
+ "html-webpack-plugin"
880
+ ],
881
+ "range": "<=1.4.0",
882
+ "nodes": [
883
+ "node_modules/html-webpack-plugin/node_modules/loader-utils"
884
+ ],
885
+ "fixAvailable": true
886
+ },
887
+ "micromatch": {
888
+ "name": "micromatch",
889
+ "severity": "high",
890
+ "isDirect": false,
891
+ "via": [
892
+ {
893
+ "source": 1098681,
894
+ "name": "micromatch",
895
+ "dependency": "micromatch",
896
+ "title": "Regular Expression Denial of Service (ReDoS) in micromatch",
897
+ "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
898
+ "severity": "moderate",
899
+ "cwe": [
900
+ "CWE-1333"
901
+ ],
902
+ "cvss": {
903
+ "score": 5.3,
904
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
905
+ },
906
+ "range": "<4.0.8"
907
+ },
908
+ "braces"
909
+ ],
910
+ "effects": [
911
+ "anymatch",
912
+ "fast-glob",
913
+ "http-proxy-middleware",
914
+ "readdirp",
915
+ "webpack"
916
+ ],
917
+ "range": "<=4.0.7",
918
+ "nodes": [
919
+ "node_modules/micromatch"
920
+ ],
921
+ "fixAvailable": {
922
+ "name": "@vue/cli-plugin-babel",
923
+ "version": "5.0.8",
924
+ "isSemVerMajor": true
925
+ }
926
+ },
927
+ "mini-css-extract-plugin": {
928
+ "name": "mini-css-extract-plugin",
929
+ "severity": "moderate",
930
+ "isDirect": false,
931
+ "via": [
932
+ "webpack"
933
+ ],
934
+ "effects": [],
935
+ "range": "<=0.9.0",
936
+ "nodes": [
937
+ "node_modules/mini-css-extract-plugin"
938
+ ],
939
+ "fixAvailable": true
940
+ },
941
+ "mockjs": {
942
+ "name": "mockjs",
943
+ "severity": "high",
944
+ "isDirect": true,
945
+ "via": [
946
+ {
947
+ "source": 1095258,
948
+ "name": "mockjs",
949
+ "dependency": "mockjs",
950
+ "title": "mockjs vulnerable to Prototype Pollution via the Util.extend function",
951
+ "url": "https://github.com/advisories/GHSA-mh8j-9jvh-gjf6",
952
+ "severity": "high",
953
+ "cwe": [
954
+ "CWE-1321"
955
+ ],
956
+ "cvss": {
957
+ "score": 8.2,
958
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
959
+ },
960
+ "range": "<=1.1.0"
961
+ }
962
+ ],
963
+ "effects": [],
964
+ "range": "*",
965
+ "nodes": [
966
+ "node_modules/mockjs"
967
+ ],
968
+ "fixAvailable": false
969
+ },
970
+ "multicast-dns": {
971
+ "name": "multicast-dns",
972
+ "severity": "high",
973
+ "isDirect": false,
974
+ "via": [
975
+ "dns-packet"
976
+ ],
977
+ "effects": [
978
+ "bonjour"
979
+ ],
980
+ "range": "6.0.0 - 7.2.2",
981
+ "nodes": [
982
+ "node_modules/multicast-dns"
983
+ ],
984
+ "fixAvailable": true
985
+ },
986
+ "node-forge": {
987
+ "name": "node-forge",
988
+ "severity": "high",
989
+ "isDirect": false,
990
+ "via": [
991
+ {
992
+ "source": 1088227,
993
+ "name": "node-forge",
994
+ "dependency": "node-forge",
995
+ "title": "Prototype Pollution in node-forge debug API.",
996
+ "url": "https://github.com/advisories/GHSA-5rrq-pxf6-6jx5",
997
+ "severity": "low",
998
+ "cwe": [
999
+ "CWE-1321"
1000
+ ],
1001
+ "cvss": {
1002
+ "score": 0,
1003
+ "vectorString": null
1004
+ },
1005
+ "range": "<1.0.0"
1006
+ },
1007
+ {
1008
+ "source": 1088229,
1009
+ "name": "node-forge",
1010
+ "dependency": "node-forge",
1011
+ "title": "URL parsing in node-forge could lead to undesired behavior.",
1012
+ "url": "https://github.com/advisories/GHSA-gf8q-jrpm-jvxq",
1013
+ "severity": "low",
1014
+ "cwe": [
1015
+ "CWE-601"
1016
+ ],
1017
+ "cvss": {
1018
+ "score": 0,
1019
+ "vectorString": null
1020
+ },
1021
+ "range": "<1.0.0"
1022
+ },
1023
+ {
1024
+ "source": 1088746,
1025
+ "name": "node-forge",
1026
+ "dependency": "node-forge",
1027
+ "title": "Improper Verification of Cryptographic Signature in `node-forge`",
1028
+ "url": "https://github.com/advisories/GHSA-2r2c-g63r-vccr",
1029
+ "severity": "moderate",
1030
+ "cwe": [
1031
+ "CWE-347"
1032
+ ],
1033
+ "cvss": {
1034
+ "score": 5.3,
1035
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
1036
+ },
1037
+ "range": "<1.3.0"
1038
+ },
1039
+ {
1040
+ "source": 1093719,
1041
+ "name": "node-forge",
1042
+ "dependency": "node-forge",
1043
+ "title": "Open Redirect in node-forge",
1044
+ "url": "https://github.com/advisories/GHSA-8fr3-hfg3-gpgp",
1045
+ "severity": "moderate",
1046
+ "cwe": [
1047
+ "CWE-601"
1048
+ ],
1049
+ "cvss": {
1050
+ "score": 6.1,
1051
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
1052
+ },
1053
+ "range": "<1.0.0"
1054
+ },
1055
+ {
1056
+ "source": 1102321,
1057
+ "name": "node-forge",
1058
+ "dependency": "node-forge",
1059
+ "title": "Improper Verification of Cryptographic Signature in node-forge",
1060
+ "url": "https://github.com/advisories/GHSA-x4jg-mjrx-434g",
1061
+ "severity": "high",
1062
+ "cwe": [
1063
+ "CWE-347"
1064
+ ],
1065
+ "cvss": {
1066
+ "score": 7.5,
1067
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
1068
+ },
1069
+ "range": "<1.3.0"
1070
+ },
1071
+ {
1072
+ "source": 1102322,
1073
+ "name": "node-forge",
1074
+ "dependency": "node-forge",
1075
+ "title": "Improper Verification of Cryptographic Signature in node-forge",
1076
+ "url": "https://github.com/advisories/GHSA-cfm4-qjh2-4765",
1077
+ "severity": "high",
1078
+ "cwe": [
1079
+ "CWE-347"
1080
+ ],
1081
+ "cvss": {
1082
+ "score": 7.5,
1083
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
1084
+ },
1085
+ "range": "<1.3.0"
1086
+ }
1087
+ ],
1088
+ "effects": [
1089
+ "selfsigned"
1090
+ ],
1091
+ "range": "<=1.2.1",
1092
+ "nodes": [
1093
+ "node_modules/node-forge"
1094
+ ],
1095
+ "fixAvailable": true
1096
+ },
1097
+ "nth-check": {
1098
+ "name": "nth-check",
1099
+ "severity": "high",
1100
+ "isDirect": false,
1101
+ "via": [
1102
+ {
1103
+ "source": 1095141,
1104
+ "name": "nth-check",
1105
+ "dependency": "nth-check",
1106
+ "title": "Inefficient Regular Expression Complexity in nth-check",
1107
+ "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
1108
+ "severity": "high",
1109
+ "cwe": [
1110
+ "CWE-1333"
1111
+ ],
1112
+ "cvss": {
1113
+ "score": 7.5,
1114
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
1115
+ },
1116
+ "range": "<2.0.1"
1117
+ }
1118
+ ],
1119
+ "effects": [
1120
+ "css-select"
1121
+ ],
1122
+ "range": "<2.0.1",
1123
+ "nodes": [
1124
+ "node_modules/svgo/node_modules/nth-check"
1125
+ ],
1126
+ "fixAvailable": true
1127
+ },
1128
+ "postcss": {
1129
+ "name": "postcss",
1130
+ "severity": "moderate",
1131
+ "isDirect": false,
1132
+ "via": [
1133
+ {
1134
+ "source": 1094544,
1135
+ "name": "postcss",
1136
+ "dependency": "postcss",
1137
+ "title": "PostCSS line return parsing error",
1138
+ "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
1139
+ "severity": "moderate",
1140
+ "cwe": [
1141
+ "CWE-74",
1142
+ "CWE-144"
1143
+ ],
1144
+ "cvss": {
1145
+ "score": 5.3,
1146
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
1147
+ },
1148
+ "range": "<8.4.31"
1149
+ }
1150
+ ],
1151
+ "effects": [
1152
+ "@intervolga/optimize-cssnano-plugin",
1153
+ "@vue/component-compiler-utils",
1154
+ "autoprefixer",
1155
+ "css-declaration-sorter",
1156
+ "css-loader",
1157
+ "cssnano",
1158
+ "cssnano-preset-default",
1159
+ "cssnano-util-raw-cache",
1160
+ "icss-utils",
1161
+ "postcss-calc",
1162
+ "postcss-colormin",
1163
+ "postcss-convert-values",
1164
+ "postcss-discard-comments",
1165
+ "postcss-discard-duplicates",
1166
+ "postcss-discard-empty",
1167
+ "postcss-discard-overridden",
1168
+ "postcss-loader",
1169
+ "postcss-merge-longhand",
1170
+ "postcss-merge-rules",
1171
+ "postcss-minify-font-values",
1172
+ "postcss-minify-gradients",
1173
+ "postcss-minify-params",
1174
+ "postcss-minify-selectors",
1175
+ "postcss-modules-extract-imports",
1176
+ "postcss-modules-local-by-default",
1177
+ "postcss-modules-scope",
1178
+ "postcss-modules-values",
1179
+ "postcss-normalize-charset",
1180
+ "postcss-normalize-display-values",
1181
+ "postcss-normalize-positions",
1182
+ "postcss-normalize-repeat-style",
1183
+ "postcss-normalize-string",
1184
+ "postcss-normalize-timing-functions",
1185
+ "postcss-normalize-unicode",
1186
+ "postcss-normalize-url",
1187
+ "postcss-normalize-whitespace",
1188
+ "postcss-ordered-values",
1189
+ "postcss-reduce-initial",
1190
+ "postcss-reduce-transforms",
1191
+ "postcss-svgo",
1192
+ "postcss-unique-selectors",
1193
+ "stylehacks"
1194
+ ],
1195
+ "range": "<8.4.31",
1196
+ "nodes": [
1197
+ "node_modules/postcss"
1198
+ ],
1199
+ "fixAvailable": {
1200
+ "name": "@vue/cli-plugin-babel",
1201
+ "version": "5.0.8",
1202
+ "isSemVerMajor": true
1203
+ }
1204
+ },
1205
+ "postcss-calc": {
1206
+ "name": "postcss-calc",
1207
+ "severity": "moderate",
1208
+ "isDirect": false,
1209
+ "via": [
1210
+ "postcss"
1211
+ ],
1212
+ "effects": [],
1213
+ "range": "4.1.0 - 7.0.5",
1214
+ "nodes": [
1215
+ "node_modules/postcss-calc"
1216
+ ],
1217
+ "fixAvailable": true
1218
+ },
1219
+ "postcss-colormin": {
1220
+ "name": "postcss-colormin",
1221
+ "severity": "moderate",
1222
+ "isDirect": false,
1223
+ "via": [
1224
+ "postcss"
1225
+ ],
1226
+ "effects": [],
1227
+ "range": "<=4.0.3",
1228
+ "nodes": [
1229
+ "node_modules/postcss-colormin"
1230
+ ],
1231
+ "fixAvailable": true
1232
+ },
1233
+ "postcss-convert-values": {
1234
+ "name": "postcss-convert-values",
1235
+ "severity": "moderate",
1236
+ "isDirect": false,
1237
+ "via": [
1238
+ "postcss"
1239
+ ],
1240
+ "effects": [],
1241
+ "range": "<=4.0.1",
1242
+ "nodes": [
1243
+ "node_modules/postcss-convert-values"
1244
+ ],
1245
+ "fixAvailable": true
1246
+ },
1247
+ "postcss-discard-comments": {
1248
+ "name": "postcss-discard-comments",
1249
+ "severity": "moderate",
1250
+ "isDirect": false,
1251
+ "via": [
1252
+ "postcss"
1253
+ ],
1254
+ "effects": [],
1255
+ "range": "<=4.0.2",
1256
+ "nodes": [
1257
+ "node_modules/postcss-discard-comments"
1258
+ ],
1259
+ "fixAvailable": true
1260
+ },
1261
+ "postcss-discard-duplicates": {
1262
+ "name": "postcss-discard-duplicates",
1263
+ "severity": "moderate",
1264
+ "isDirect": false,
1265
+ "via": [
1266
+ "postcss"
1267
+ ],
1268
+ "effects": [],
1269
+ "range": "1.1.0 - 4.0.2",
1270
+ "nodes": [
1271
+ "node_modules/postcss-discard-duplicates"
1272
+ ],
1273
+ "fixAvailable": true
1274
+ },
1275
+ "postcss-discard-empty": {
1276
+ "name": "postcss-discard-empty",
1277
+ "severity": "moderate",
1278
+ "isDirect": false,
1279
+ "via": [
1280
+ "postcss"
1281
+ ],
1282
+ "effects": [],
1283
+ "range": "1.1.0 - 4.0.1",
1284
+ "nodes": [
1285
+ "node_modules/postcss-discard-empty"
1286
+ ],
1287
+ "fixAvailable": true
1288
+ },
1289
+ "postcss-discard-overridden": {
1290
+ "name": "postcss-discard-overridden",
1291
+ "severity": "moderate",
1292
+ "isDirect": false,
1293
+ "via": [
1294
+ "postcss"
1295
+ ],
1296
+ "effects": [],
1297
+ "range": "<=4.0.1",
1298
+ "nodes": [
1299
+ "node_modules/postcss-discard-overridden"
1300
+ ],
1301
+ "fixAvailable": true
1302
+ },
1303
+ "postcss-loader": {
1304
+ "name": "postcss-loader",
1305
+ "severity": "moderate",
1306
+ "isDirect": false,
1307
+ "via": [
1308
+ "postcss"
1309
+ ],
1310
+ "effects": [],
1311
+ "range": "<=4.0.1",
1312
+ "nodes": [
1313
+ "node_modules/postcss-loader"
1314
+ ],
1315
+ "fixAvailable": true
1316
+ },
1317
+ "postcss-merge-longhand": {
1318
+ "name": "postcss-merge-longhand",
1319
+ "severity": "moderate",
1320
+ "isDirect": false,
1321
+ "via": [
1322
+ "postcss",
1323
+ "stylehacks"
1324
+ ],
1325
+ "effects": [],
1326
+ "range": "<=4.0.11",
1327
+ "nodes": [
1328
+ "node_modules/postcss-merge-longhand"
1329
+ ],
1330
+ "fixAvailable": true
1331
+ },
1332
+ "postcss-merge-rules": {
1333
+ "name": "postcss-merge-rules",
1334
+ "severity": "moderate",
1335
+ "isDirect": false,
1336
+ "via": [
1337
+ "postcss"
1338
+ ],
1339
+ "effects": [],
1340
+ "range": "<=4.0.3",
1341
+ "nodes": [
1342
+ "node_modules/postcss-merge-rules"
1343
+ ],
1344
+ "fixAvailable": true
1345
+ },
1346
+ "postcss-minify-font-values": {
1347
+ "name": "postcss-minify-font-values",
1348
+ "severity": "moderate",
1349
+ "isDirect": false,
1350
+ "via": [
1351
+ "postcss"
1352
+ ],
1353
+ "effects": [],
1354
+ "range": "<=4.0.2",
1355
+ "nodes": [
1356
+ "node_modules/postcss-minify-font-values"
1357
+ ],
1358
+ "fixAvailable": true
1359
+ },
1360
+ "postcss-minify-gradients": {
1361
+ "name": "postcss-minify-gradients",
1362
+ "severity": "moderate",
1363
+ "isDirect": false,
1364
+ "via": [
1365
+ "postcss"
1366
+ ],
1367
+ "effects": [],
1368
+ "range": "<=4.0.2",
1369
+ "nodes": [
1370
+ "node_modules/postcss-minify-gradients"
1371
+ ],
1372
+ "fixAvailable": true
1373
+ },
1374
+ "postcss-minify-params": {
1375
+ "name": "postcss-minify-params",
1376
+ "severity": "moderate",
1377
+ "isDirect": false,
1378
+ "via": [
1379
+ "postcss"
1380
+ ],
1381
+ "effects": [],
1382
+ "range": "<=4.0.2",
1383
+ "nodes": [
1384
+ "node_modules/postcss-minify-params"
1385
+ ],
1386
+ "fixAvailable": true
1387
+ },
1388
+ "postcss-minify-selectors": {
1389
+ "name": "postcss-minify-selectors",
1390
+ "severity": "moderate",
1391
+ "isDirect": false,
1392
+ "via": [
1393
+ "postcss"
1394
+ ],
1395
+ "effects": [],
1396
+ "range": "<=4.0.2",
1397
+ "nodes": [
1398
+ "node_modules/postcss-minify-selectors"
1399
+ ],
1400
+ "fixAvailable": true
1401
+ },
1402
+ "postcss-modules-extract-imports": {
1403
+ "name": "postcss-modules-extract-imports",
1404
+ "severity": "moderate",
1405
+ "isDirect": false,
1406
+ "via": [
1407
+ "postcss"
1408
+ ],
1409
+ "effects": [],
1410
+ "range": "<=2.0.0",
1411
+ "nodes": [
1412
+ "node_modules/postcss-modules-extract-imports"
1413
+ ],
1414
+ "fixAvailable": true
1415
+ },
1416
+ "postcss-modules-local-by-default": {
1417
+ "name": "postcss-modules-local-by-default",
1418
+ "severity": "moderate",
1419
+ "isDirect": false,
1420
+ "via": [
1421
+ "icss-utils",
1422
+ "postcss"
1423
+ ],
1424
+ "effects": [],
1425
+ "range": "<=4.0.0-rc.4",
1426
+ "nodes": [
1427
+ "node_modules/postcss-modules-local-by-default"
1428
+ ],
1429
+ "fixAvailable": true
1430
+ },
1431
+ "postcss-modules-scope": {
1432
+ "name": "postcss-modules-scope",
1433
+ "severity": "moderate",
1434
+ "isDirect": false,
1435
+ "via": [
1436
+ "postcss"
1437
+ ],
1438
+ "effects": [],
1439
+ "range": "<=2.2.0",
1440
+ "nodes": [
1441
+ "node_modules/postcss-modules-scope"
1442
+ ],
1443
+ "fixAvailable": true
1444
+ },
1445
+ "postcss-modules-values": {
1446
+ "name": "postcss-modules-values",
1447
+ "severity": "moderate",
1448
+ "isDirect": false,
1449
+ "via": [
1450
+ "icss-utils",
1451
+ "postcss"
1452
+ ],
1453
+ "effects": [
1454
+ "css-loader"
1455
+ ],
1456
+ "range": "<=4.0.0-rc.5",
1457
+ "nodes": [
1458
+ "node_modules/postcss-modules-values"
1459
+ ],
1460
+ "fixAvailable": {
1461
+ "name": "@vue/cli-plugin-babel",
1462
+ "version": "5.0.8",
1463
+ "isSemVerMajor": true
1464
+ }
1465
+ },
1466
+ "postcss-normalize-charset": {
1467
+ "name": "postcss-normalize-charset",
1468
+ "severity": "moderate",
1469
+ "isDirect": false,
1470
+ "via": [
1471
+ "postcss"
1472
+ ],
1473
+ "effects": [],
1474
+ "range": "<=4.0.1",
1475
+ "nodes": [
1476
+ "node_modules/postcss-normalize-charset"
1477
+ ],
1478
+ "fixAvailable": true
1479
+ },
1480
+ "postcss-normalize-display-values": {
1481
+ "name": "postcss-normalize-display-values",
1482
+ "severity": "moderate",
1483
+ "isDirect": false,
1484
+ "via": [
1485
+ "postcss"
1486
+ ],
1487
+ "effects": [],
1488
+ "range": "<=4.0.2",
1489
+ "nodes": [
1490
+ "node_modules/postcss-normalize-display-values"
1491
+ ],
1492
+ "fixAvailable": true
1493
+ },
1494
+ "postcss-normalize-positions": {
1495
+ "name": "postcss-normalize-positions",
1496
+ "severity": "moderate",
1497
+ "isDirect": false,
1498
+ "via": [
1499
+ "postcss"
1500
+ ],
1501
+ "effects": [],
1502
+ "range": "<=4.0.2",
1503
+ "nodes": [
1504
+ "node_modules/postcss-normalize-positions"
1505
+ ],
1506
+ "fixAvailable": true
1507
+ },
1508
+ "postcss-normalize-repeat-style": {
1509
+ "name": "postcss-normalize-repeat-style",
1510
+ "severity": "moderate",
1511
+ "isDirect": false,
1512
+ "via": [
1513
+ "postcss"
1514
+ ],
1515
+ "effects": [],
1516
+ "range": "<=4.0.2",
1517
+ "nodes": [
1518
+ "node_modules/postcss-normalize-repeat-style"
1519
+ ],
1520
+ "fixAvailable": true
1521
+ },
1522
+ "postcss-normalize-string": {
1523
+ "name": "postcss-normalize-string",
1524
+ "severity": "moderate",
1525
+ "isDirect": false,
1526
+ "via": [
1527
+ "postcss"
1528
+ ],
1529
+ "effects": [],
1530
+ "range": "<=4.0.2",
1531
+ "nodes": [
1532
+ "node_modules/postcss-normalize-string"
1533
+ ],
1534
+ "fixAvailable": true
1535
+ },
1536
+ "postcss-normalize-timing-functions": {
1537
+ "name": "postcss-normalize-timing-functions",
1538
+ "severity": "moderate",
1539
+ "isDirect": false,
1540
+ "via": [
1541
+ "postcss"
1542
+ ],
1543
+ "effects": [],
1544
+ "range": "<=4.0.2",
1545
+ "nodes": [
1546
+ "node_modules/postcss-normalize-timing-functions"
1547
+ ],
1548
+ "fixAvailable": true
1549
+ },
1550
+ "postcss-normalize-unicode": {
1551
+ "name": "postcss-normalize-unicode",
1552
+ "severity": "moderate",
1553
+ "isDirect": false,
1554
+ "via": [
1555
+ "postcss"
1556
+ ],
1557
+ "effects": [],
1558
+ "range": "<=4.0.1",
1559
+ "nodes": [
1560
+ "node_modules/postcss-normalize-unicode"
1561
+ ],
1562
+ "fixAvailable": true
1563
+ },
1564
+ "postcss-normalize-url": {
1565
+ "name": "postcss-normalize-url",
1566
+ "severity": "moderate",
1567
+ "isDirect": false,
1568
+ "via": [
1569
+ "postcss"
1570
+ ],
1571
+ "effects": [],
1572
+ "range": "1.1.0 - 4.0.1",
1573
+ "nodes": [
1574
+ "node_modules/postcss-normalize-url"
1575
+ ],
1576
+ "fixAvailable": true
1577
+ },
1578
+ "postcss-normalize-whitespace": {
1579
+ "name": "postcss-normalize-whitespace",
1580
+ "severity": "moderate",
1581
+ "isDirect": false,
1582
+ "via": [
1583
+ "postcss"
1584
+ ],
1585
+ "effects": [],
1586
+ "range": "<=4.0.2",
1587
+ "nodes": [
1588
+ "node_modules/postcss-normalize-whitespace"
1589
+ ],
1590
+ "fixAvailable": true
1591
+ },
1592
+ "postcss-ordered-values": {
1593
+ "name": "postcss-ordered-values",
1594
+ "severity": "moderate",
1595
+ "isDirect": false,
1596
+ "via": [
1597
+ "postcss"
1598
+ ],
1599
+ "effects": [],
1600
+ "range": "<=4.1.2",
1601
+ "nodes": [
1602
+ "node_modules/postcss-ordered-values"
1603
+ ],
1604
+ "fixAvailable": true
1605
+ },
1606
+ "postcss-reduce-initial": {
1607
+ "name": "postcss-reduce-initial",
1608
+ "severity": "moderate",
1609
+ "isDirect": false,
1610
+ "via": [
1611
+ "postcss"
1612
+ ],
1613
+ "effects": [],
1614
+ "range": "<=4.0.3",
1615
+ "nodes": [
1616
+ "node_modules/postcss-reduce-initial"
1617
+ ],
1618
+ "fixAvailable": true
1619
+ },
1620
+ "postcss-reduce-transforms": {
1621
+ "name": "postcss-reduce-transforms",
1622
+ "severity": "moderate",
1623
+ "isDirect": false,
1624
+ "via": [
1625
+ "postcss"
1626
+ ],
1627
+ "effects": [],
1628
+ "range": "<=4.0.2",
1629
+ "nodes": [
1630
+ "node_modules/postcss-reduce-transforms"
1631
+ ],
1632
+ "fixAvailable": true
1633
+ },
1634
+ "postcss-svgo": {
1635
+ "name": "postcss-svgo",
1636
+ "severity": "high",
1637
+ "isDirect": false,
1638
+ "via": [
1639
+ "postcss",
1640
+ "svgo"
1641
+ ],
1642
+ "effects": [],
1643
+ "range": "<=5.0.0-rc.2",
1644
+ "nodes": [
1645
+ "node_modules/postcss-svgo"
1646
+ ],
1647
+ "fixAvailable": true
1648
+ },
1649
+ "postcss-unique-selectors": {
1650
+ "name": "postcss-unique-selectors",
1651
+ "severity": "moderate",
1652
+ "isDirect": false,
1653
+ "via": [
1654
+ "postcss"
1655
+ ],
1656
+ "effects": [],
1657
+ "range": "<=4.0.1",
1658
+ "nodes": [
1659
+ "node_modules/postcss-unique-selectors"
1660
+ ],
1661
+ "fixAvailable": true
1662
+ },
1663
+ "readdirp": {
1664
+ "name": "readdirp",
1665
+ "severity": "moderate",
1666
+ "isDirect": false,
1667
+ "via": [
1668
+ "micromatch"
1669
+ ],
1670
+ "effects": [
1671
+ "chokidar"
1672
+ ],
1673
+ "range": "2.2.0 - 2.2.1",
1674
+ "nodes": [
1675
+ "node_modules/watchpack-chokidar2/node_modules/readdirp",
1676
+ "node_modules/webpack-dev-server/node_modules/readdirp"
1677
+ ],
1678
+ "fixAvailable": {
1679
+ "name": "@vue/cli-plugin-babel",
1680
+ "version": "5.0.8",
1681
+ "isSemVerMajor": true
1682
+ }
1683
+ },
1684
+ "request": {
1685
+ "name": "request",
1686
+ "severity": "critical",
1687
+ "isDirect": false,
1688
+ "via": [
1689
+ {
1690
+ "source": 1096727,
1691
+ "name": "request",
1692
+ "dependency": "request",
1693
+ "title": "Server-Side Request Forgery in Request",
1694
+ "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
1695
+ "severity": "moderate",
1696
+ "cwe": [
1697
+ "CWE-918"
1698
+ ],
1699
+ "cvss": {
1700
+ "score": 6.1,
1701
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
1702
+ },
1703
+ "range": "<=2.88.2"
1704
+ },
1705
+ "form-data",
1706
+ "tough-cookie"
1707
+ ],
1708
+ "effects": [
1709
+ "@vue/cli-shared-utils"
1710
+ ],
1711
+ "range": "*",
1712
+ "nodes": [
1713
+ "node_modules/request"
1714
+ ],
1715
+ "fixAvailable": {
1716
+ "name": "@vue/cli-plugin-babel",
1717
+ "version": "5.0.8",
1718
+ "isSemVerMajor": true
1719
+ }
1720
+ },
1721
+ "selfsigned": {
1722
+ "name": "selfsigned",
1723
+ "severity": "high",
1724
+ "isDirect": false,
1725
+ "via": [
1726
+ "node-forge"
1727
+ ],
1728
+ "effects": [
1729
+ "webpack-dev-server"
1730
+ ],
1731
+ "range": "1.1.1 - 1.10.14",
1732
+ "nodes": [
1733
+ "node_modules/selfsigned"
1734
+ ],
1735
+ "fixAvailable": true
1736
+ },
1737
+ "stylehacks": {
1738
+ "name": "stylehacks",
1739
+ "severity": "moderate",
1740
+ "isDirect": false,
1741
+ "via": [
1742
+ "postcss"
1743
+ ],
1744
+ "effects": [
1745
+ "postcss-merge-longhand"
1746
+ ],
1747
+ "range": "<=4.0.3",
1748
+ "nodes": [
1749
+ "node_modules/stylehacks"
1750
+ ],
1751
+ "fixAvailable": true
1752
+ },
1753
+ "svgo": {
1754
+ "name": "svgo",
1755
+ "severity": "high",
1756
+ "isDirect": false,
1757
+ "via": [
1758
+ "css-select"
1759
+ ],
1760
+ "effects": [
1761
+ "postcss-svgo"
1762
+ ],
1763
+ "range": "1.0.0 - 1.3.2",
1764
+ "nodes": [
1765
+ "node_modules/svgo"
1766
+ ],
1767
+ "fixAvailable": true
1768
+ },
1769
+ "terser-webpack-plugin": {
1770
+ "name": "terser-webpack-plugin",
1771
+ "severity": "moderate",
1772
+ "isDirect": false,
1773
+ "via": [
1774
+ "webpack"
1775
+ ],
1776
+ "effects": [
1777
+ "@vue/cli-service",
1778
+ "webpack"
1779
+ ],
1780
+ "range": "<=2.2.1",
1781
+ "nodes": [
1782
+ "node_modules/terser-webpack-plugin"
1783
+ ],
1784
+ "fixAvailable": {
1785
+ "name": "@vue/cli-plugin-babel",
1786
+ "version": "5.0.8",
1787
+ "isSemVerMajor": true
1788
+ }
1789
+ },
1790
+ "tough-cookie": {
1791
+ "name": "tough-cookie",
1792
+ "severity": "moderate",
1793
+ "isDirect": false,
1794
+ "via": [
1795
+ {
1796
+ "source": 1097682,
1797
+ "name": "tough-cookie",
1798
+ "dependency": "tough-cookie",
1799
+ "title": "tough-cookie Prototype Pollution vulnerability",
1800
+ "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
1801
+ "severity": "moderate",
1802
+ "cwe": [
1803
+ "CWE-1321"
1804
+ ],
1805
+ "cvss": {
1806
+ "score": 6.5,
1807
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
1808
+ },
1809
+ "range": "<4.1.3"
1810
+ }
1811
+ ],
1812
+ "effects": [
1813
+ "request"
1814
+ ],
1815
+ "range": "<4.1.3",
1816
+ "nodes": [
1817
+ "node_modules/tough-cookie"
1818
+ ],
1819
+ "fixAvailable": {
1820
+ "name": "@vue/cli-plugin-babel",
1821
+ "version": "5.0.8",
1822
+ "isSemVerMajor": true
1823
+ }
1824
+ },
1825
+ "url-loader": {
1826
+ "name": "url-loader",
1827
+ "severity": "moderate",
1828
+ "isDirect": false,
1829
+ "via": [
1830
+ "webpack"
1831
+ ],
1832
+ "effects": [
1833
+ "@vue/cli-service"
1834
+ ],
1835
+ "range": "1.1.0 - 1.1.1 || 2.0.0 - 2.3.0",
1836
+ "nodes": [
1837
+ "node_modules/url-loader"
1838
+ ],
1839
+ "fixAvailable": {
1840
+ "name": "@vue/cli-plugin-babel",
1841
+ "version": "5.0.8",
1842
+ "isSemVerMajor": true
1843
+ }
1844
+ },
1845
+ "vue": {
1846
+ "name": "vue",
1847
+ "severity": "low",
1848
+ "isDirect": true,
1849
+ "via": [
1850
+ {
1851
+ "source": 1100238,
1852
+ "name": "vue",
1853
+ "dependency": "vue",
1854
+ "title": "ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function",
1855
+ "url": "https://github.com/advisories/GHSA-5j4c-8p2g-v4jx",
1856
+ "severity": "low",
1857
+ "cwe": [
1858
+ "CWE-1333"
1859
+ ],
1860
+ "cvss": {
1861
+ "score": 3.7,
1862
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
1863
+ },
1864
+ "range": ">=2.0.0-alpha.1 <3.0.0-alpha.0"
1865
+ }
1866
+ ],
1867
+ "effects": [
1868
+ "vuex"
1869
+ ],
1870
+ "range": "2.0.0-alpha.1 - 2.7.16",
1871
+ "nodes": [
1872
+ "node_modules/vue"
1873
+ ],
1874
+ "fixAvailable": {
1875
+ "name": "vue",
1876
+ "version": "3.5.18",
1877
+ "isSemVerMajor": true
1878
+ }
1879
+ },
1880
+ "vue-loader": {
1881
+ "name": "vue-loader",
1882
+ "severity": "moderate",
1883
+ "isDirect": false,
1884
+ "via": [
1885
+ "@vue/component-compiler-utils"
1886
+ ],
1887
+ "effects": [],
1888
+ "range": "15.0.0-beta.1 - 15.11.1",
1889
+ "nodes": [
1890
+ "node_modules/vue-loader"
1891
+ ],
1892
+ "fixAvailable": true
1893
+ },
1894
+ "vue-template-compiler": {
1895
+ "name": "vue-template-compiler",
1896
+ "severity": "moderate",
1897
+ "isDirect": true,
1898
+ "via": [
1899
+ {
1900
+ "source": 1098721,
1901
+ "name": "vue-template-compiler",
1902
+ "dependency": "vue-template-compiler",
1903
+ "title": "vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)",
1904
+ "url": "https://github.com/advisories/GHSA-g3ch-rx76-35fx",
1905
+ "severity": "moderate",
1906
+ "cwe": [
1907
+ "CWE-79"
1908
+ ],
1909
+ "cvss": {
1910
+ "score": 4.2,
1911
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
1912
+ },
1913
+ "range": ">=2.0.0 <3.0.0"
1914
+ }
1915
+ ],
1916
+ "effects": [
1917
+ "@vue/cli-service"
1918
+ ],
1919
+ "range": ">=2.0.0",
1920
+ "nodes": [
1921
+ "node_modules/vue-template-compiler"
1922
+ ],
1923
+ "fixAvailable": {
1924
+ "name": "@vue/cli-plugin-babel",
1925
+ "version": "5.0.8",
1926
+ "isSemVerMajor": true
1927
+ }
1928
+ },
1929
+ "vuex": {
1930
+ "name": "vuex",
1931
+ "severity": "low",
1932
+ "isDirect": true,
1933
+ "via": [
1934
+ "vue"
1935
+ ],
1936
+ "effects": [],
1937
+ "range": "3.1.3 - 3.6.2",
1938
+ "nodes": [
1939
+ "node_modules/vuex"
1940
+ ],
1941
+ "fixAvailable": {
1942
+ "name": "vuex",
1943
+ "version": "4.1.0",
1944
+ "isSemVerMajor": true
1945
+ }
1946
+ },
1947
+ "watchpack": {
1948
+ "name": "watchpack",
1949
+ "severity": "high",
1950
+ "isDirect": false,
1951
+ "via": [
1952
+ "watchpack-chokidar2"
1953
+ ],
1954
+ "effects": [
1955
+ "webpack"
1956
+ ],
1957
+ "range": "1.7.2 - 1.7.5",
1958
+ "nodes": [
1959
+ "node_modules/watchpack"
1960
+ ],
1961
+ "fixAvailable": {
1962
+ "name": "@vue/cli-plugin-babel",
1963
+ "version": "5.0.8",
1964
+ "isSemVerMajor": true
1965
+ }
1966
+ },
1967
+ "watchpack-chokidar2": {
1968
+ "name": "watchpack-chokidar2",
1969
+ "severity": "high",
1970
+ "isDirect": false,
1971
+ "via": [
1972
+ "chokidar"
1973
+ ],
1974
+ "effects": [
1975
+ "watchpack"
1976
+ ],
1977
+ "range": "*",
1978
+ "nodes": [
1979
+ "node_modules/watchpack-chokidar2"
1980
+ ],
1981
+ "fixAvailable": {
1982
+ "name": "@vue/cli-plugin-babel",
1983
+ "version": "5.0.8",
1984
+ "isSemVerMajor": true
1985
+ }
1986
+ },
1987
+ "webpack": {
1988
+ "name": "webpack",
1989
+ "severity": "high",
1990
+ "isDirect": false,
1991
+ "via": [
1992
+ "micromatch",
1993
+ "terser-webpack-plugin",
1994
+ "watchpack"
1995
+ ],
1996
+ "effects": [
1997
+ "@intervolga/optimize-cssnano-plugin",
1998
+ "@vue/cli-plugin-babel",
1999
+ "cache-loader",
2000
+ "file-loader",
2001
+ "mini-css-extract-plugin",
2002
+ "terser-webpack-plugin",
2003
+ "url-loader"
2004
+ ],
2005
+ "range": "4.0.0-alpha.0 - 5.0.0-rc.6",
2006
+ "nodes": [
2007
+ "node_modules/webpack"
2008
+ ],
2009
+ "fixAvailable": {
2010
+ "name": "@vue/cli-plugin-babel",
2011
+ "version": "5.0.8",
2012
+ "isSemVerMajor": true
2013
+ }
2014
+ },
2015
+ "webpack-bundle-analyzer": {
2016
+ "name": "webpack-bundle-analyzer",
2017
+ "severity": "critical",
2018
+ "isDirect": false,
2019
+ "via": [
2020
+ "ejs"
2021
+ ],
2022
+ "effects": [],
2023
+ "range": "1.3.0 - 3.9.0",
2024
+ "nodes": [
2025
+ "node_modules/@vue/cli-service/node_modules/webpack-bundle-analyzer"
2026
+ ],
2027
+ "fixAvailable": true
2028
+ },
2029
+ "webpack-dev-middleware": {
2030
+ "name": "webpack-dev-middleware",
2031
+ "severity": "high",
2032
+ "isDirect": false,
2033
+ "via": [
2034
+ {
2035
+ "source": 1096729,
2036
+ "name": "webpack-dev-middleware",
2037
+ "dependency": "webpack-dev-middleware",
2038
+ "title": "Path traversal in webpack-dev-middleware",
2039
+ "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
2040
+ "severity": "high",
2041
+ "cwe": [
2042
+ "CWE-22"
2043
+ ],
2044
+ "cvss": {
2045
+ "score": 7.4,
2046
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
2047
+ },
2048
+ "range": "<=5.3.3"
2049
+ }
2050
+ ],
2051
+ "effects": [
2052
+ "webpack-dev-server"
2053
+ ],
2054
+ "range": "<=5.3.3",
2055
+ "nodes": [
2056
+ "node_modules/webpack-dev-middleware"
2057
+ ],
2058
+ "fixAvailable": true
2059
+ },
2060
+ "webpack-dev-server": {
2061
+ "name": "webpack-dev-server",
2062
+ "severity": "high",
2063
+ "isDirect": false,
2064
+ "via": [
2065
+ {
2066
+ "source": 1105256,
2067
+ "name": "webpack-dev-server",
2068
+ "dependency": "webpack-dev-server",
2069
+ "title": "webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser",
2070
+ "url": "https://github.com/advisories/GHSA-9jgg-88mc-972h",
2071
+ "severity": "moderate",
2072
+ "cwe": [
2073
+ "CWE-346"
2074
+ ],
2075
+ "cvss": {
2076
+ "score": 6.5,
2077
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
2078
+ },
2079
+ "range": "<=5.2.0"
2080
+ },
2081
+ {
2082
+ "source": 1105257,
2083
+ "name": "webpack-dev-server",
2084
+ "dependency": "webpack-dev-server",
2085
+ "title": "webpack-dev-server users' source code may be stolen when they access a malicious web site",
2086
+ "url": "https://github.com/advisories/GHSA-4v9v-hfq4-rm2v",
2087
+ "severity": "moderate",
2088
+ "cwe": [
2089
+ "CWE-749"
2090
+ ],
2091
+ "cvss": {
2092
+ "score": 5.3,
2093
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
2094
+ },
2095
+ "range": "<=5.2.0"
2096
+ },
2097
+ "bonjour",
2098
+ "chokidar",
2099
+ "http-proxy-middleware",
2100
+ "ip",
2101
+ "selfsigned",
2102
+ "webpack-dev-middleware"
2103
+ ],
2104
+ "effects": [],
2105
+ "range": "<=5.2.0",
2106
+ "nodes": [
2107
+ "node_modules/webpack-dev-server"
2108
+ ],
2109
+ "fixAvailable": true
2110
+ }
2111
+ },
2112
+ "metadata": {
2113
+ "vulnerabilities": {
2114
+ "info": 0,
2115
+ "low": 2,
2116
+ "moderate": 58,
2117
+ "high": 24,
2118
+ "critical": 7,
2119
+ "total": 91
2120
+ },
2121
+ "dependencies": {
2122
+ "prod": 23,
2123
+ "dev": 1341,
2124
+ "optional": 29,
2125
+ "peer": 0,
2126
+ "peerOptional": 0,
2127
+ "total": 1364
2128
+ }
2129
+ }
2130
+ }