chore(deps): update dependency express to v4.20.0 (develop) #861
Security Report
❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
Scan Details Report
general
https://vonagecc.jfrog.io/artifactory
| Step | Level | Description | Details |
|---|---|---|---|
| Checking registry connectivity | ⚠Warn | Unsupported configuration was provided | unsupported host type gradle, skipped |
You have successfully remediated 4 vulnerabilities, but introduced 2 new vulnerabilities in this branch.❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Exploit Maturity | EPSS | Vulnerable Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|---|
CVE-2024-47764Path to dependency file: /package.json Path to vulnerable library: /node_modules/cookie/package.json Dependency Hierarchy: -> express-4.20.0.tgz (Root Library) -> ❌ cookie-0.6.0.tgz (Vulnerable Library) |
 Medium |
5.3 | Not Defined | 0.0% | cookie-0.6.0.tgz | Upgrade to version: cookie - 0.7.0 | None |
|
CVE-2024-43799Path to dependency file: /package.json Path to vulnerable library: /node_modules/express/node_modules/serve-static/node_modules/send/package.json Dependency Hierarchy: -> express-4.20.0.tgz (Root Library) -> serve-static-1.16.0.tgz -> ❌ send-0.18.0.tgz (Vulnerable Library) |
Medium |
5.0 | Not Defined | 0.0% | send-0.18.0.tgz | Upgrade to version: send - 0.19.0 | None |
|
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2024-45296 | path-to-regexp-0.1.7.tgz |
| CVE-2024-47764 | cookie-0.4.0.tgz |
| CVE-2024-29041 | express-4.17.1.tgz |
| CVE-2024-43796 | express-4.17.1.tgz |
Base branch total remaining vulnerabilities: 58
Base branch commit: 6a1e70fad7c7a076ffded3056b3a1028e23b826e
Total libraries scanned: 614
Scan token: 357f498866dd47ce965bbf2b761138b5