Update dependency opentok to v2.17.0 (develop) #865
Security Report
❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
general
https://vonagecc.jfrog.io/artifactory
| Step | Level | Description | Details |
|---|---|---|---|
| Checking registry connectivity | ⚠Warn | Unsupported configuration was provided | Unsupported registry hostType gradle, skipped |
https://vonagecc.jfrog.io/artifactory/maven
| Step | Level | Description | Details |
|---|---|---|---|
| Checking registry connectivity | ⚠Warn | Unsupported configuration was provided | Unsupported registry hostType gradle, skipped |
| CVE | Severity |  CVSS Score |
Exploit Maturity | EPSS | Vulnerable Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|---|
CVE-2022-3517Path to dependency file: /package.json Path to vulnerable library: /node_modules/minimatch/package.json Dependency Hierarchy: -> grunt-1.3.0.tgz (Root Library) -> ❌ minimatch-3.0.4.tgz (Vulnerable Library) |
 High |
7.5 | Not Defined | 0.2% | minimatch-3.0.4.tgz | Upgrade to version: minimatch - 3.0.5 | #788 |
|
CVE-2022-24999Path to dependency file: /package.json Path to vulnerable library: /node_modules/qs/package.json Dependency Hierarchy: -> ❌ qs-6.9.4.tgz (Vulnerable Library) |
High |
7.5 | Not Defined | 0.9% | qs-6.9.4.tgz | Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 | #829 |
|
CVE-2022-24999Path to dependency file: /package.json Path to vulnerable library: /node_modules/body-parser/node_modules/qs/package.json,/node_modules/express/node_modules/qs/package.json Dependency Hierarchy: -> express-4.17.1.tgz (Root Library) -> ❌ qs-6.7.0.tgz (Vulnerable Library) |
High |
7.5 | Not Defined | 0.9% | qs-6.7.0.tgz | Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 | #828 |
|
CVE-2022-24772Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-forge/package.json Dependency Hierarchy: -> google-auth-library-6.1.3.tgz (Root Library) -> gtoken-5.1.0.tgz -> google-p12-pem-3.0.3.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
High |
7.5 | Not Defined | 0.1% | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #787 |
|
CVE-2022-24771Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-forge/package.json Dependency Hierarchy: -> google-auth-library-6.1.3.tgz (Root Library) -> gtoken-5.1.0.tgz -> google-p12-pem-3.0.3.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
High |
7.5 | Not Defined | 0.1% | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #787 |
|
CVE-2022-24434Path to dependency file: /package.json Path to vulnerable library: /node_modules/dicer/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> multer-1.4.2.tgz -> busboy-0.2.14.tgz -> ❌ dicer-0.2.5.tgz (Vulnerable Library) |
High |
7.5 | Not Defined | 0.2% | dicer-0.2.5.tgz | #786 |
|
|
WS-2018-0590Path to dependency file: /package.json Path to vulnerable library: /node_modules/diff/package.json Dependency Hierarchy: -> grunt-autoprefixer-3.0.4.tgz (Root Library) -> ❌ diff-1.3.2.tgz (Vulnerable Library) |
High |
7.1 | Not Defined | diff-1.3.2.tgz | Upgrade to version: 3.5.0 | #789 |
|
|
WS-2022-0008Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-forge/package.json Dependency Hierarchy: -> google-auth-library-6.1.3.tgz (Root Library) -> gtoken-5.1.0.tgz -> google-p12-pem-3.0.3.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
 Medium |
6.6 | Not Defined | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.0.0 | #787 |
|
|
CVE-2024-28849Path to dependency file: /package.json Path to vulnerable library: /node_modules/follow-redirects/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> node-rest-client-3.1.0.tgz -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library) |
Medium |
6.5 | Not Defined | 0.0% | follow-redirects-1.13.0.tgz | Upgrade to version: follow-redirects - 1.15.6 | #786 |
|
CVE-2022-0155Path to dependency file: /package.json Path to vulnerable library: /node_modules/follow-redirects/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> node-rest-client-3.1.0.tgz -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library) |
Medium |
6.5 | Not Defined | 0.1% | follow-redirects-1.13.0.tgz | Upgrade to version: follow-redirects - v1.14.7 | #786 |
|
CVE-2024-29041Path to dependency file: /package.json Path to vulnerable library: /node_modules/express/package.json Dependency Hierarchy: -> ❌ express-4.17.1.tgz (Vulnerable Library) |
Medium |
6.1 | Not Defined | 0.0% | express-4.17.1.tgz | Upgrade to version: express - 4.19.0 | #828 |
|
CVE-2023-26159Path to dependency file: /package.json Path to vulnerable library: /node_modules/follow-redirects/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> node-rest-client-3.1.0.tgz -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library) |
Medium |
6.1 | Not Defined | 0.1% | follow-redirects-1.13.0.tgz | Upgrade to version: follow-redirects - 1.15.4 | #786 |
|
CVE-2022-0235Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-fetch/package.json Dependency Hierarchy: -> google-auth-library-6.1.3.tgz (Root Library) -> gaxios-4.0.1.tgz -> ❌ node-fetch-2.6.1.tgz (Vulnerable Library) |
Medium |
6.1 | Not Defined | 0.4% | node-fetch-2.6.1.tgz | Upgrade to version: node-fetch - 2.6.7,3.1.1 | #787 |
|
CVE-2022-0122Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-forge/package.json Dependency Hierarchy: -> google-auth-library-6.1.3.tgz (Root Library) -> gtoken-5.1.0.tgz -> google-p12-pem-3.0.3.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
Medium |
6.1 | Not Defined | 0.1% | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.0.0 | #787 |
|
CVE-2022-0536Path to dependency file: /package.json Path to vulnerable library: /node_modules/follow-redirects/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> node-rest-client-3.1.0.tgz -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library) |
Medium |
5.9 | Not Defined | 0.1% | follow-redirects-1.13.0.tgz | Upgrade to version: follow-redirects - 1.14.8 | #786 |
|
CVE-2023-0842Path to dependency file: /package.json Path to vulnerable library: /node_modules/xml2js/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> node-rest-client-3.1.0.tgz -> ❌ xml2js-0.4.23.tgz (Vulnerable Library) |
Medium |
5.3 | Not Defined | 0.1% | xml2js-0.4.23.tgz | Upgrade to version: xml2js - 0.5.0 | #786 |
|
CVE-2022-24773Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-forge/package.json Dependency Hierarchy: -> google-auth-library-6.1.3.tgz (Root Library) -> gtoken-5.1.0.tgz -> google-p12-pem-3.0.3.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
Medium |
5.3 | Not Defined | 0.1% | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #787 |
|
WS-2021-0153Path to dependency file: /package.json Path to vulnerable library: /node_modules/ejs/package.json Dependency Hierarchy: -> ❌ ejs-3.1.5.tgz (Vulnerable Library) |
 Critical |
9.8 | Not Defined | ejs-3.1.5.tgz | Upgrade to version: ejs - 3.1.6 | #797 |
|
|
CVE-2022-37602Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-karma/package.json Dependency Hierarchy: -> ❌ grunt-karma-4.0.0.tgz (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.2% | grunt-karma-4.0.0.tgz | #817 |
|
|
CVE-2022-29078Path to dependency file: /package.json Path to vulnerable library: /node_modules/ejs/package.json Dependency Hierarchy: -> ❌ ejs-3.1.5.tgz (Vulnerable Library) |
Critical |
9.8 | Not Defined | 42.5% | ejs-3.1.5.tgz | Upgrade to version: ejs - v3.1.7 | #797 |
|
CVE-2021-44906Path to dependency file: /package.json Path to vulnerable library: /node_modules/minimist/package.json Dependency Hierarchy: -> grunt-contrib-compress-1.6.0.tgz (Root Library) -> iltorb-2.4.5.tgz -> prebuild-install-5.3.6.tgz -> ❌ minimist-1.2.5.tgz (Vulnerable Library) |
Critical |
9.8 | Not Defined | 1.2% | minimist-1.2.5.tgz | Upgrade to version: minimist - 0.2.4,1.2.6 | #792 |
|
CVE-2020-28282Path to dependency file: /package.json Path to vulnerable library: /node_modules/getobject/package.json Dependency Hierarchy: -> grunt-1.3.0.tgz (Root Library) -> grunt-legacy-util-2.0.0.tgz -> ❌ getobject-0.1.0.tgz (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.70000005% | getobject-0.1.0.tgz | Upgrade to version: getobject - 1.0.0 | #788 |
|
CVE-2019-10744Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> ❌ lodash-0.10.0.tgz (Vulnerable Library) |
Critical |
9.1 | Not Defined | 1.5% | lodash-0.10.0.tgz | Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 | #796 |
|
CVE-2021-43138Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-contrib-connect/node_modules/async/package.json Dependency Hierarchy: -> grunt-contrib-connect-3.0.0.tgz (Root Library) -> ❌ async-3.2.0.tgz (Vulnerable Library) |
High |
7.8 | Not Defined | 0.1% | async-3.2.0.tgz | Upgrade to version: async - 2.6.4,3.2.2 | #799 |
|
CVE-2021-43138Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-contrib-clean/node_modules/async/package.json,/node_modules/grunt-bower-task/node_modules/async/package.json,/node_modules/archiver/node_modules/async/package.json,/node_modules/grunt-contrib-watch/node_modules/async/package.json,/node_modules/grunt-contrib-less/node_modules/async/package.json,/node_modules/portscanner/node_modules/async/package.json,/node_modules/geoip-lite/node_modules/async/package.json Dependency Hierarchy: -> geoip-lite-1.4.2.tgz (Root Library) -> ❌ async-2.6.3.tgz (Vulnerable Library) |
High |
7.8 | Not Defined | 0.1% | async-2.6.3.tgz | Upgrade to version: async - 2.6.4,3.2.2 | #812 |
|
CVE-2022-38900Path to dependency file: /package.json Path to vulnerable library: /node_modules/decode-uri-component/package.json Dependency Hierarchy: -> grunt-cli-1.3.2.tgz (Root Library) -> liftoff-2.5.0.tgz -> findup-sync-2.0.0.tgz -> micromatch-3.1.10.tgz -> snapdragon-0.8.2.tgz -> source-map-resolve-0.5.3.tgz -> ❌ decode-uri-component-0.2.0.tgz (Vulnerable Library) |
High |
7.5 | Not Defined | 0.2% | decode-uri-component-0.2.0.tgz | Upgrade to version: decode-uri-component - 0.2.1 | #798 |
|
CVE-2022-25883Path to dependency file: /package.json Path to vulnerable library: /node_modules/semver/package.json Dependency Hierarchy: -> grunt-html-build-0.7.1.tgz (Root Library) -> js-beautify-1.13.0.tgz -> editorconfig-0.15.3.tgz -> ❌ semver-5.7.1.tgz (Vulnerable Library) |
High |
7.5 | Not Defined | 0.1% | semver-5.7.1.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | #795 |
|
CVE-2022-25858Path to dependency file: /package.json Path to vulnerable library: /node_modules/terser/package.json Dependency Hierarchy: -> grunt-terser-1.0.0.tgz (Root Library) -> ❌ terser-4.8.0.tgz (Vulnerable Library) |
High |
7.5 | Not Defined | 0.2% | terser-4.8.0.tgz | Upgrade to version: terser - 4.8.1,5.14.2 | #813 |
|
CVE-2022-0355Path to dependency file: /package.json Path to vulnerable library: /node_modules/simple-get/package.json Dependency Hierarchy: -> grunt-contrib-compress-1.6.0.tgz (Root Library) -> iltorb-2.4.5.tgz -> prebuild-install-5.3.6.tgz -> ❌ simple-get-3.1.0.tgz (Vulnerable Library) |
High |
7.5 | Not Defined | 0.2% | simple-get-3.1.0.tgz | Upgrade to version: simple-get - 4.0.1 | #792 |
|
CVE-2021-23382Path to dependency file: /package.json Path to vulnerable library: /node_modules/postcss/package.json Dependency Hierarchy: -> grunt-autoprefixer-3.0.4.tgz (Root Library) -> ❌ postcss-4.1.16.tgz (Vulnerable Library) |
High |
7.5 | Not Defined | 0.2% | postcss-4.1.16.tgz | Upgrade to version: postcss - 8.2.13 | #789 |
|
CVE-2017-20165Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-rest-client/node_modules/debug/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> node-rest-client-3.1.0.tgz -> ❌ debug-2.2.0.tgz (Vulnerable Library) |
High |
7.5 | Not Defined | 0.6% | debug-2.2.0.tgz | Upgrade to version: debug - 2.6.9,3.1.0 | #786 |
|
CVE-2020-8203Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> ❌ lodash-0.10.0.tgz (Vulnerable Library) |
High |
7.4 | Not Defined | 1.0% | lodash-0.10.0.tgz | Upgrade to version: lodash - 4.17.19 | #796 |
|
CVE-2022-1537Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt/package.json Dependency Hierarchy: -> ❌ grunt-1.3.0.tgz (Vulnerable Library) |
High |
7.0 | Not Defined | 0.0% | grunt-1.3.0.tgz | Upgrade to version: grunt - v1.5.3 | #788 |
|
CVE-2019-1010266Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> ❌ lodash-0.10.0.tgz (Vulnerable Library) |
Medium |
6.5 | Not Defined | 0.3% | lodash-0.10.0.tgz | Upgrade to version: lodash-4.17.11 | #796 |
|
CVE-2018-3721Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> ❌ lodash-0.10.0.tgz (Vulnerable Library) |
Medium |
6.5 | Not Defined | 0.1% | lodash-0.10.0.tgz | Upgrade to version: lodash 4.17.5 | #796 |
|
CVE-2018-16487Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> ❌ lodash-0.10.0.tgz (Vulnerable Library) |
Medium |
5.6 | Not Defined | 0.1% | lodash-0.10.0.tgz | Upgrade to version: lodash 4.17.11 | #796 |
|
CVE-2022-0436Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt/package.json Dependency Hierarchy: -> ❌ grunt-1.3.0.tgz (Vulnerable Library) |
Medium |
5.5 | Not Defined | 0.0% | grunt-1.3.0.tgz | Upgrade to version: grunt - 1.5.1 | #788 |
|
CVE-2017-20162Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-rest-client/node_modules/ms/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> node-rest-client-3.1.0.tgz -> debug-2.2.0.tgz -> ❌ ms-0.7.1.tgz (Vulnerable Library) |
Medium |
5.3 | Not Defined | 0.1% | ms-0.7.1.tgz | Upgrade to version: ms - 2.0.0 | #786 |
|
CVE-2017-16137Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-rest-client/node_modules/debug/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> node-rest-client-3.1.0.tgz -> ❌ debug-2.2.0.tgz (Vulnerable Library) |
 Low |
3.7 | Not Defined | 0.3% | debug-2.2.0.tgz | Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1 | #786 |
|
CVE-2021-23337Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> ❌ lodash-0.10.0.tgz (Vulnerable Library) |
High |
7.2 | Not Defined | 0.6% | lodash-0.10.0.tgz | Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 | #796 | |
CVE-2021-23337Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/async/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> async-2.6.3.tgz -> ❌ lodash-4.17.20.tgz (Vulnerable Library) |
High |
7.2 | Not Defined | 0.6% | lodash-4.17.20.tgz | Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 | #796 | |
CVE-2020-28500Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> ❌ lodash-0.10.0.tgz (Vulnerable Library) |
Medium |
5.3 | Not Defined | 0.2% | lodash-0.10.0.tgz | Upgrade to version: lodash - 4.17.21 | #796 | |
CVE-2020-28500Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/async/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> async-2.6.3.tgz -> ❌ lodash-4.17.20.tgz (Vulnerable Library) |
Medium |
5.3 | Not Defined | 0.2% | lodash-4.17.20.tgz | Upgrade to version: lodash - 4.17.21 | #796 |
Total libraries scanned: 562
Scan token: 59ed4fe53cbf49be95747d6756915534