{"_class":"io.jenkins.plugins.analysis.core.restapi.ReportApi","issues":[{"fileName":"package.json","lineStart":1,"severity":"NORMAL","message":"acorn 7.0.0 - [eslint>espree>acorn]: Affected versions of `acorn` are vulnerable to Regular Expression Denial of Service. A regex in the form of `/[x-\\ud800]/u` causes the parser to enter an infinite loop. The string is not valid UTF16 which usually results in it being sanitized before reaching the parser. If an application processes untrusted input and passes it directly to `acorn`, attackers may leverage the vulnerability leading to Denial of Service.","description":"Upgrade to versions 5.7.4, 6.4.1, 7.1.1 or later."},{"fileName":"package.json","lineStart":1,"severity":"NORMAL","message":"minimist 0.0.8 - [tar>mkdirp>minimist, eslint>file-entry-cache>flat-cache>write>mkdirp>minimist, eslint>mkdirp>minimist, mocha>mkdirp>minimist, mocha-jenkins-reporter>mocha>mkdirp>minimist, mocha-jenkins-reporter>mkdirp>minimist, nyc>spawn-wrap>mkdirp>minimist, nyc>istanbul-reports>handlebars>optimist>minimist]: Affected versions of `minimist` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects. \nParsing the argument `--__proto__.y=Polluted` adds a `y` property with value `Polluted` to all objects. The argument `--__proto__=Polluted` raises and uncaught error and crashes the application. \nThis is exploitable if attackers have control over the arguments being passed to `minimist`.\n","description":"Upgrade to versions 0.2.1, 1.2.3 or later."}],"size":2}