npm audit reports many security vulnerabilities with this package
npm audit
{ "actions": [ { "action": "review", "module": "hoek", "resolves": [ { "id": 566, "path": "d3-timeline>node-lessify>less>request>hawk>boom>hoek", "dev": false, "optional": true, "bundled": false }, { "id": 566, "path": "d3-timeline>node-lessify>less>request>hawk>cryptiles>boom>hoek", "dev": false, "optional": true, "bundled": false }, { "id": 566, "path": "d3-timeline>node-lessify>less>request>hawk>hoek", "dev": false, "optional": true, "bundled": false }, { "id": 566, "path": "d3-timeline>node-lessify>less>request>hawk>sntp>hoek", "dev": false, "optional": true, "bundled": false } ] }, { "action": "review", "module": "mime", "resolves": [ { "id": 535, "path": "d3-timeline>node-lessify>less>mime", "dev": false, "optional": true, "bundled": false }, { "id": 535, "path": "d3-timeline>node-lessify>less>request>form-data>mime", "dev": false, "optional": true, "bundled": false } ] }, { "action": "review", "module": "uglify-js", "resolves": [ { "id": 39, "path": "d3-timeline>vashify>vash>uglify-js", "dev": false, "optional": false, "bundled": false }, { "id": 48, "path": "d3-timeline>vashify>vash>uglify-js", "dev": false, "optional": false, "bundled": false } ] }, { "action": "review", "module": "lodash", "resolves": [ { "id": 577, "path": "d3-timeline>lodash", "dev": false, "optional": false, "bundled": false } ] }, { "action": "review", "module": "hawk", "resolves": [ { "id": 77, "path": "d3-timeline>node-lessify>less>request>hawk", "dev": false, "optional": true, "bundled": false } ] }, { "action": "review", "module": "tunnel-agent", "resolves": [ { "id": 598, "path": "d3-timeline>node-lessify>less>request>tunnel-agent", "dev": false, "optional": true, "bundled": false } ] } ], "advisories": { "39": { "findings": [ { "version": "1.0.6", "paths": [ "d3-timeline>vashify>vash>uglify-js" ], "dev": false, "optional": false, "bundled": false } ], "id": 39, "created": "2015-10-17T19:41:46.382Z", "updated": "2018-02-24T00:13:52.640Z", "deleted": null, "title": "Incorrect 
Handling of Non-Boolean Comparisons During Minification", "found_by": { "name": "Tom MacWright" }, "reported_by": { "name": "Tom MacWright" }, "module_name": "uglify-js", "cves": [ "CVE-2015-8857" ], "vulnerable_versions": "<= 2.4.23", "patched_versions": ">= 2.4.24", "overview": "Versions of `uglify-js` prior to 2.4.24 are affected by a vulnerability which may cause crafted JavaScript to have altered functionality after minification.\n\n", "recommendation": "Upgrade UglifyJS to version >= 2.4.24.", "references": "[Backdooring JS - Yan Zhu(@bcrypt)](https://zyan.scripts.mit.edu[Backdooring JS - Yan Zhu(@bcrypt)]/blog/backdooring-js/)\n[Issue #751](https://github.com/mishoo/UglifyJS2/issues/751)", "access": "public", "severity": "low", "cwe": "CWE-95", "metadata": { "module_type": "Multi.Compiler", "exploitability": 2, "affected_components": "" }, "url": "https://npmjs.com/advisories/39" }, "48": { "findings": [ { "version": "1.0.6", "paths": [ "d3-timeline>vashify>vash>uglify-js" ], "dev": false, "optional": false, "bundled": false } ], "id": 48, "created": "2015-10-24T17:58:34.232Z", "updated": "2018-02-24T00:59:58.129Z", "deleted": null, "title": "Regular Expression Denial of Service", "found_by": { "name": "Adam Baldwin" }, "reported_by": { "name": "Adam Baldwin" }, "module_name": "uglify-js", "cves": [ "CVE-2015-8858" ], "vulnerable_versions": "<2.6.0", "patched_versions": ">=2.6.0", "overview": "Versions of `uglify-js` prior to 2.6.0 are affected by a regular expression denial of service vulnerability when malicious inputs are passed into the `parse()` method.\n\n\n### Proof of Concept\n\n```\nvar u = require('uglify-js');\nvar genstr = function (len, chr) {\n var result = \"\";\n for (i=0; i<=len; i++) {\n result = result + chr;\n }\n\n return result;\n}\n\nu.parse(\"var a = \" + genstr(process.argv[2], \"1\") + \".1ee7;\");\n```\n\n### Results\n```\n$ time node test.js 10000\nreal\t0m1.091s\nuser\t0m1.047s\nsys\t0m0.039s\n\n$ time node test.js 
80000\nreal\t0m6.486s\nuser\t0m6.229s\nsys\t0m0.094s\n```", "recommendation": "Update to version 2.6.0 or later.", "references": "", "access": "public", "severity": "low", "cwe": "CWE-400", "metadata": { "module_type": "CLI.Compiler", "exploitability": 3, "affected_components": "Internal::Code::Method::parse([*])" }, "url": "https://npmjs.com/advisories/48" }, "77": { "findings": [ { "version": "1.1.1", "paths": [ "d3-timeline>node-lessify>less>request>hawk" ], "dev": false, "optional": true, "bundled": false } ], "id": 77, "created": "2016-01-19T21:50:30.175Z", "updated": "2018-02-26T22:47:26.285Z", "deleted": null, "title": "Regular Expression Denial of Service", "found_by": { "name": "Adam Baldwin" }, "reported_by": { "name": "Adam Baldwin" }, "module_name": "hawk", "cves": [ "CVE-2016-2515" ], "vulnerable_versions": "< 3.1.3 || >= 4.0.0 <4.1.1", "patched_versions": ">=3.1.3 < 4.0.0 || >=4.1.1", "overview": "Versions of `hawk` prior to 3.1.3, or 4.x prior to 4.1.1 are affected by a regular expression denial of service vulnerability related to excessively long headers and URI's.\n", "recommendation": "Update to hawk version 4.1.1 or later.", "references": "[Issue #168](https://github.com/hueniverse/hawk/issues/168)", "access": "public", "severity": "moderate", "cwe": "CWE-400", "metadata": { "module_type": "Network.Library", "exploitability": 5, "affected_components": "" }, "url": "https://npmjs.com/advisories/77" }, "535": { "findings": [ { "version": "1.2.11", "paths": [ "d3-timeline>node-lessify>less>mime", "d3-timeline>node-lessify>less>request>form-data>mime" ], "dev": false, "optional": true, "bundled": false } ], "id": 535, "created": "2017-09-25T19:02:28.152Z", "updated": "2018-04-09T00:38:22.785Z", "deleted": null, "title": "Regular Expression Denial of Service", "found_by": { "name": "Cristian-Alexandru Staicu" }, "reported_by": { "name": "Cristian-Alexandru Staicu" }, "module_name": "mime", "cves": [ "CVE-2017-16138" ], "vulnerable_versions": "< 1.4.1 
|| > 2.0.0 < 2.0.3", "patched_versions": ">= 1.4.1 < 2.0.0 || >= 2.0.3", "overview": "Affected versions of `mime` are vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.", "recommendation": "Update to version 2.0.3 or later.", "references": "[Issue #167](https://github.com/broofa/node-mime/issues/167)", "access": "public", "severity": "moderate", "cwe": "CWE-400", "metadata": { "module_type": "Multi.Library", "exploitability": 4, "affected_components": "" }, "url": "https://npmjs.com/advisories/535" }, "566": { "findings": [ { "version": "0.9.1", "paths": [ "d3-timeline>node-lessify>less>request>hawk>boom>hoek", "d3-timeline>node-lessify>less>request>hawk>cryptiles>boom>hoek", "d3-timeline>node-lessify>less>request>hawk>hoek", "d3-timeline>node-lessify>less>request>hawk>sntp>hoek" ], "dev": false, "optional": true, "bundled": false } ], "id": 566, "created": "2018-04-20T21:25:58.421Z", "updated": "2018-04-20T21:25:58.421Z", "deleted": null, "title": "Prototype pollution", "found_by": { "name": "HoLyVieR" }, "reported_by": { "name": "HoLyVieR" }, "module_name": "hoek", "cves": [], "vulnerable_versions": "<= 4.2.0 || >= 5.0.0 < 5.0.3", "patched_versions": "> 4.2.0 < 5.0.0 || >= 5.0.3", "overview": "Versions of `hoek` prior to 4.2.1 and 5.0.3 are vulnerable to prototype pollution.\n\nThe `merge` function, and the `applyToDefaults` and `applyToDefaultsWithShallow` functions which leverage `merge` behind the scenes, are vulnerable to a prototype pollution attack when provided an _unvalidated_ payload created from a JSON string containing the `__proto__` property.\n\nThis can be demonstrated like so:\n\n```javascript\nvar Hoek = require('hoek');\nvar malicious_payload = '{\"__proto__\":{\"oops\":\"It works !\"}}';\n\nvar a = {};\nconsole.log(\"Before : \" + a.oops);\nHoek.merge({}, JSON.parse(malicious_payload));\nconsole.log(\"After : \" + a.oops);\n```\n\nThis type of attack can be used to overwrite existing 
properties causing a potential denial of service.", "recommendation": "Update to version 4.2.1, 5.0.3 or later.", "references": "", "access": "public", "severity": "moderate", "cwe": "CWE-471", "metadata": { "module_type": "", "exploitability": 5, "affected_components": "" }, "url": "https://npmjs.com/advisories/566" }, "577": { "findings": [ { "version": "3.10.1", "paths": [ "d3-timeline>lodash" ], "dev": false, "optional": false, "bundled": false } ], "id": 577, "created": "2018-04-24T14:27:02.796Z", "updated": "2018-04-24T14:27:13.049Z", "deleted": null, "title": "Prototype Pollution", "found_by": { "name": "Olivier Arteau (HoLyVieR)" }, "reported_by": { "name": "Olivier Arteau (HoLyVieR)" }, "module_name": "lodash", "cves": [ "CVE-2018-3721" ], "vulnerable_versions": "<4.17.5", "patched_versions": ">=4.17.5", "overview": "Versions of `lodash` before 4.17.5 are vulnerable to prototype pollution. \n\nThe vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of `Object` via `__proto__` causing the addition or modification of an existing property that will exist on all objects.\n\n", "recommendation": "Update to version 4.17.5 or later.", "references": "- [HackerOne Report](https://hackerone.com/reports/310443)", "access": "public", "severity": "low", "cwe": "CWE-471", "metadata": { "module_type": "", "exploitability": 1, "affected_components": "" }, "url": "https://npmjs.com/advisories/577" }, "598": { "findings": [ { "version": "0.4.3", "paths": [ "d3-timeline>node-lessify>less>request>tunnel-agent" ], "dev": false, "optional": true, "bundled": false } ], "id": 598, "created": "2018-04-24T20:30:16.099Z", "updated": "2018-04-24T20:31:15.816Z", "deleted": null, "title": "Memory Exposure", "found_by": { "name": "Сковорода Никита Андреевич" }, "reported_by": { "name": "Сковорода Никита Андреевич" }, "module_name": "tunnel-agent", "cves": [], "vulnerable_versions": "<0.6.0", "patched_versions": 
">=0.6.0", "overview": "Versions of `tunnel-agent` before 0.6.0 are vulnerable to memory exposure.\n\nThis is exploitable if user supplied input is provided to the auth value and is a number.\n\nProof-of-concept:\n```js\nrequire('request')({\n method: 'GET',\n uri: 'http://www.example.com',\n tunnel: true,\n proxy:{\n protocol: 'http:',\n host:'127.0.0.1',\n port:8080,\n auth:USERSUPPLIEDINPUT // number\n }\n});\n```", "recommendation": "Update to version 0.6.0 or later.", "references": "- [GitHub Commit #9ca95ec](https://github.com/request/tunnel-agent/commit/9ca95ec7219daface8a6fc2674000653de0922c0)\n- [Proof of Concept](https://gist.github.com/ChALkeR/fd6b2c445834244e7d440a043f9d2ff4)", "access": "public", "severity": "moderate", "cwe": "CWE-20", "metadata": { "module_type": "", "exploitability": 3, "affected_components": "" }, "url": "https://npmjs.com/advisories/598" } }, "muted": [], "metadata": { "vulnerabilities": { "info": 0, "low": 3, "moderate": 8, "high": 0, "critical": 0 }, "dependencies": 611, "devDependencies": 13697, "optionalDependencies": 242, "totalDependencies": 14356 }, "runId": "a54c0ce2-bb9b-4eb6-be31-42e48c5cbae6" }