RetireJS / retire.js

Scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

Home Page: https://retirejs.github.io/retire.js/

bootstrap vulnerability CVE-2024-6531 should have version range ending 4.6.2 not 999

dryfish opened this issue

As listed in the links just added in 97e894a (GHSA-vc8w-jr9v-vj7f and https://www.herodevs.com/vulnerability-directory/cve-2024-6531), the affected version range is >= 4.0.0, <= 4.6.2 whereas the commit above lists >= 4.0.0, <= 999

Additionally, bootstrap CVE-2024-6484 should be >= 2.0.0, <= 3.4.1 as detailed at https://www.herodevs.com/vulnerability-directory/cve-2024-6484
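
To show what the upper bound changes for someone consuming the scan results, here is an added example (not retire.js code and not from the issue author) that evaluates the two inclusive ranges quoted in the issue for CVE-2024-6531 against a constructed list of Bootstrap versions. The function names and the sample inventory are assumptions, and the comparator handles plain dotted numeric versions only.

```javascript
// Added illustration: both ranges are copied from the issue text and
// treated as inclusive on both ends, as the issue writes them.
const CVE_2024_6531 = {
  asCommitted: { min: "4.0.0", max: "999" },   // ">= 4.0.0, <= 999"
  asReported:  { min: "4.0.0", max: "4.6.2" }, // ">= 4.0.0, <= 4.6.2"
};

// Compare dotted numeric versions segment by segment.
// Missing segments count as 0, so "999" compares like "999.0.0".
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  const len = Math.max(pa.length, pb.length);
  for (let i = 0; i < len; i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return Math.sign(diff);
  }
  return 0;
}

// True when min <= version <= max.
function inRange(version, range) {
  return compareVersions(version, range.min) >= 0 &&
         compareVersions(version, range.max) <= 0;
}

// Versions whose flagged/not-flagged verdict differs between two ranges.
function verdictChanges(versions, rangeA, rangeB) {
  return versions.filter((v) => inRange(v, rangeA) !== inRange(v, rangeB));
}

// Constructed sample inventory of Bootstrap versions found in a codebase.
const SAMPLE_VERSIONS = ["3.4.1", "4.0.0", "4.6.2", "5.0.0", "5.3.3"];

const changed = verdictChanges(
  SAMPLE_VERSIONS,
  CVE_2024_6531.asCommitted,
  CVE_2024_6531.asReported
);
console.log("Flagged only by the <= 999 range:", changed);
```

With the range as committed, every version above 4.6.2 in the inventory is reported for this CVE; with the range from the linked advisories, only 4.0.0 through 4.6.2 are.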