CVE-2022-24304 (High) detected in multiple libraries - autoclosed
mend-bolt-for-github opened this issue
CVE-2022-24304 - High Severity Vulnerability
Vulnerable Libraries - mongoose-5.7.5.tgz, mongoose-5.2.4.tgz, mongoose-5.2.5.tgz
mongoose-5.7.5.tgz
Mongoose MongoDB ODM
Library home page: https://registry.npmjs.org/mongoose/-/mongoose-5.7.5.tgz
Path to dependency file: /Section13-Creating-JSON-APIs-With-Node-and-Mongo/todos_api/package.json
Path to vulnerable library: /Section13-Creating-JSON-APIs-With-Node-and-Mongo/todos_api/node_modules/mongoose/package.json
Dependency Hierarchy:
- ❌ mongoose-5.7.5.tgz (Vulnerable Library)
mongoose-5.2.4.tgz
Mongoose MongoDB ODM
Library home page: https://registry.npmjs.org/mongoose/-/mongoose-5.2.4.tgz
Path to dependency file: /Section33-In-Depth-Redux-Code-Walkthrough/react-todos-backend/package.json
Path to vulnerable library: /Section33-In-Depth-Redux-Code-Walkthrough/react-todos-backend/node_modules/mongoose/package.json
Dependency Hierarchy:
- ❌ mongoose-5.2.4.tgz (Vulnerable Library)
mongoose-5.2.5.tgz
Mongoose MongoDB ODM
Library home page: https://registry.npmjs.org/mongoose/-/mongoose-5.2.5.tgz
Path to dependency file: /Section34-37-Warbler-Final-Project/warbler/warbler-server/package.json
Path to vulnerable library: /Section34-37-Warbler-Final-Project/warbler/warbler-server/node_modules/mongoose/package.json
Dependency Hierarchy:
- ❌ mongoose-5.2.5.tgz (Vulnerable Library)
Found in HEAD commit: d80f181a2f4dd1169fbef38813309ffdd4ad82d4
Found in base branch: master
Vulnerability Details
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2564. Reason: This candidate is a duplicate of CVE-2022-2564. Notes: All CVE users should reference CVE-2022-2564 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Publish Date: 2022-08-26
URL: CVE-2022-24304
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.