Security Vulnerabilities - api-spec-transformer


(Vanessa D'Silva) #1

We are using api-spec transformer version 0.2.6. We have identified security vulnerabilities identified in direct and transitive dependencies. Attached vulnerability details for reference.

artifactID Vulnerability name
cryptiles-0.2.2.tgz - CVE-2018-1000620
cryptiles-2.0.5.tgz - CVE-2018-1000620
sshpk-1.13.0.tgz - WS-2018-0084
hawk-1.1.1.tgz - CVE-2016-2515
tough-cookie-0.12.1.tgz -CVE-2017-15010
marked-0.3.6.tgz - CVE-2017-16114
tough-cookie-2.3.2.tgz - CVE-2017-15010
marked-0.3.6.tgz - WS-2017-0108
base64url-1.0.6.tgz WS-2018-0096
hoek-0.9.1.tgz CVE-2018-3728
hoek-2.16.3.tgz CVE-2018-3728
lodash-4.17.4.tgz CVE-2018-3721
request-2.51.0.tgz WS-2016-0025
marked-0.3.6.tgz CVE-2017-1000427
bl-0.9.4.tgz WS-2016-0059
http-signature-0.10.1.tgz WS-2017-0266
tough-cookie-0.12.1.tgz CVE-2016-1000232
debug-2.6.8.tgz CVE-2017-16137
stringstream-0.0.4.tgz WS-2018-0103
stringstream-0.0.5.tgz WS-2018-0103
bl-0.9.4.tgz WS-2018-0074
tunnel-agent-0.4.0.tgz WS-2018-0076
concat-stream-1.4.10.tgz WS-2018-0075
node-uuid-1.4.2.tgz WS-2016-0013
lodash-4.17.4.tgz WS-2018-0210

Please can you support with resolution of these issues.


(system) #2

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.