Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 28 additions & 7 deletions audit-ci.jsonc
Original file line number Diff line number Diff line change
Expand Up @@ -16,21 +16,42 @@
"GHSA-wprv-93r4-jj2p",
// Open Zeppelin: Base64 encoding may read from potentially dirty memory
"GHSA-9vx6-7xxf-x967",
// Server-Side Request Forgery in axios
"GHSA-8hc4-vh64-cxmj",
// cookie accepts cookie name, path, and domain with out of bounds characters
"GHSA-pxg6-pf52-xh8x",
// axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
"GHSA-jr5f-v2jv-69x6",
// tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
"GHSA-52f5-9888-hmc6",
// Axios is vulnerable to DoS attack through lack of data size check
"GHSA-4hjh-wcwx-xvwj",
// Elliptic Uses a Cryptographic Primitive with a Risky Implementation
"GHSA-848j-6mx2-7j84",
// jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch
"GHSA-73rr-hh4g-fpgx",
// Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
"GHSA-g9mf-h72j-4rw9"
"GHSA-g9mf-h72j-4rw9",
// Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig
// (axios is a dependency of hardhat-deploy and hardhat-gas-reporter)
"GHSA-43fc-jf86-j433",
// bn.js affected by an infinite loop
// (bn.js is a dependency of ethers, which is a dependency of hardhat)
"GHSA-378v-28hj-76wf",
// Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()
// (serialize-javascript is a dependency of mocha, which is a dependency of hardhat)
"GHSA-5c6j-r48x-rmvq",
// Undici has an HTTP Request/Response Smuggling issue
// (undici is a dependency of hardhat and hardhat-verify)
"GHSA-2mjp-6q6p-2qxm",
// Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression
// (undici is a dependency of hardhat and hardhat-verify)
"GHSA-vrm6-8vpv-qv8q",
// Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation
// (undici is a dependency of hardhat and hardhat-verify)
"GHSA-v9p9-hfj2-hcw8",
// Undici has CRLF Injection in undici via `upgrade` option
// (undici is a dependency of hardhat and hardhat-verify)
"GHSA-4992-7rv2-5pvq",
// Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions
// (lodash is a dependency of synp, which is a dependency of yarn-audit-fix)
"GHSA-xxjr-mmjv-4gpg",
// ajv has ReDoS when using `$data` option
// (ajv is a dependency of hardhat)
"GHSA-2g4f-4pwh-qvx6"
]
}
Loading
Loading