From 66149d7fe66dc00ec94828765fe9239d29851e0f Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Tue, 27 Aug 2024 17:54:49 -0400 Subject: [PATCH 01/18] Test PR extraction --- .circleci/config.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 9739f838a8..39d83bcdd3 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -572,6 +572,35 @@ parameters: type: boolean default: false jobs: + test_pr_extraction: + executor: docker-executor + steps: + - run: + name: Check Pull Request Environment Variable + command: | + if [ -z "${CIRCLE_PULL_REQUEST}" ]; then + echo "CIRCLE_PULL_REQUEST is not set. This job is likely not running in a pull request context." + exit 1 + else + echo "CIRCLE_PULL_REQUEST is set to: ${CIRCLE_PULL_REQUEST}" + fi + + PR_NUMBER=${CIRCLE_PULL_REQUEST##*/} + + PR_TITLE=$(curl -s "${CIRCLE_PULL_REQUEST}" | sed -e :a -e "N; s/\n/ /g; ta" | grep -oP "[^<]+" | sed -re "s~<[^>]+>~~g") + + if [ ! -z "${PR_TITLE}" ]; then + JIRA_URLS=$(curl -s "${CIRCLE_PULL_REQUEST}" | sed -e :a -e "N; s/\n/ /g; ta" | grep -oP "Issue[(]s[)].*Checklists" | grep -oP "\"https[^\"]+\"" | sed -e "s~\"~~g" | grep -o "https://jira.acf.gov/browse/[A-Z0-9-]*") + + MESSAGE_TEXT=":rocket: Deployment of PR <${CIRCLE_PULL_REQUEST}|${PR_NUMBER}> (${PR_TITLE}) was successful!" + if [ ! -z "${JIRA_URLS}" ]; then + MESSAGE_TEXT="${MESSAGE_TEXT}\nJIRA URLs in the PR:\n${JIRA_URLS}" + fi + else + MESSAGE_TEXT=":rocket: Deployment of PR <${CIRCLE_PULL_REQUEST}|${PR_NUMBER}> was successful!" + fi + + echo -e "${MESSAGE_TEXT}" build_and_lint: executor: docker-executor steps: @@ -1201,6 +1230,7 @@ workflows: when: equal: [false, << pipeline.parameters.manual-trigger >>] jobs: + - test_pr_extraction - build_and_lint - build_and_lint_similarity_api - test_backend: From 4aec377093416ce7054356cfa62c74b87ffa234f Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Wed, 28 Aug 2024 11:20:15 -0400 Subject: [PATCH 02/18] Test post-merge extraction --- .circleci/config.yml | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 39d83bcdd3..2115479a1b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -576,30 +576,30 @@ jobs: executor: docker-executor steps: - run: - name: Check Pull Request Environment Variable + name: Extract Last Merged PR Information command: | - if [ -z "${CIRCLE_PULL_REQUEST}" ]; then - echo "CIRCLE_PULL_REQUEST is not set. This job is likely not running in a pull request context." + # Extract the last merged PR number from the commit message + PR_NUMBER=$(git log -1 --pretty=%B | grep -oP '(?<=Merge pull request #)\d+') + + # Extract the PR title from the commit message + PR_TITLE=$(git log -1 --pretty=%B | grep -oP '(?<=: ).*') + + # If PR_NUMBER or PR_TITLE is not found, handle it + if [ -z "$PR_NUMBER" ] || [ -z "$PR_TITLE" ]; then + echo "Unable to extract PR information. This may not be a merge commit." exit 1 - else - echo "CIRCLE_PULL_REQUEST is set to: ${CIRCLE_PULL_REQUEST}" fi - - PR_NUMBER=${CIRCLE_PULL_REQUEST##*/} - - PR_TITLE=$(curl -s "${CIRCLE_PULL_REQUEST}" | sed -e :a -e "N; s/\n/ /g; ta" | grep -oP "[^<]+" | sed -re "s~<[^>]+>~~g") - - if [ ! -z "${PR_TITLE}" ]; then - JIRA_URLS=$(curl -s "${CIRCLE_PULL_REQUEST}" | sed -e :a -e "N; s/\n/ /g; ta" | grep -oP "Issue[(]s[)].*Checklists" | grep -oP "\"https[^\"]+\"" | sed -e "s~\"~~g" | grep -o "https://jira.acf.gov/browse/[A-Z0-9-]*") - - MESSAGE_TEXT=":rocket: Deployment of PR <${CIRCLE_PULL_REQUEST}|${PR_NUMBER}> (${PR_TITLE}) was successful!" - if [ ! -z "${JIRA_URLS}" ]; then - MESSAGE_TEXT="${MESSAGE_TEXT}\nJIRA URLs in the PR:\n${JIRA_URLS}" - fi - else - MESSAGE_TEXT=":rocket: Deployment of PR <${CIRCLE_PULL_REQUEST}|${PR_NUMBER}> was successful!" + + # Optionally, extract related JIRA URLs if they are part of the commit message + JIRA_URLS=$(git log -1 --pretty=%B | grep -o "https://jira.acf.gov/browse/[A-Z0-9-]*") + + # Construct the deployment message + MESSAGE_TEXT=":rocket: Deployment of PR #${PR_NUMBER} (${PR_TITLE}) was successful!" + if [ ! -z "${JIRA_URLS}" ]; then + MESSAGE_TEXT="${MESSAGE_TEXT}\nJIRA URLs in the PR:\n${JIRA_URLS}" fi - + + # Output the deployment message echo -e "${MESSAGE_TEXT}" build_and_lint: executor: docker-executor From 9fb0ff503c4a1eecf2500f192d94b6cde8d18689 Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Wed, 28 Aug 2024 11:24:14 -0400 Subject: [PATCH 03/18] Remove whitespace --- .circleci/config.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2115479a1b..a26beff242 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -580,19 +580,16 @@ jobs: command: | # Extract the last merged PR number from the commit message PR_NUMBER=$(git log -1 --pretty=%B | grep -oP '(?<=Merge pull request #)\d+') - + # Extract the PR title from the commit message PR_TITLE=$(git log -1 --pretty=%B | grep -oP '(?<=: ).*') - + # If PR_NUMBER or PR_TITLE is not found, handle it if [ -z "$PR_NUMBER" ] || [ -z "$PR_TITLE" ]; then echo "Unable to extract PR information. This may not be a merge commit." exit 1 fi - - # Optionally, extract related JIRA URLs if they are part of the commit message - JIRA_URLS=$(git log -1 --pretty=%B | grep -o "https://jira.acf.gov/browse/[A-Z0-9-]*") - + # Construct the deployment message MESSAGE_TEXT=":rocket: Deployment of PR #${PR_NUMBER} (${PR_TITLE}) was successful!" if [ ! -z "${JIRA_URLS}" ]; then From 46dc9ce855ba7cac6d76c3b9c19eadb14cf11324 Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Wed, 28 Aug 2024 11:53:26 -0400 Subject: [PATCH 04/18] Add checkout to the job's steps --- .circleci/config.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index a26beff242..71ad2e4a7f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -575,28 +575,25 @@ jobs: test_pr_extraction: executor: docker-executor steps: + - checkout - run: name: Extract Last Merged PR Information command: | # Extract the last merged PR number from the commit message PR_NUMBER=$(git log -1 --pretty=%B | grep -oP '(?<=Merge pull request #)\d+') - # Extract the PR title from the commit message PR_TITLE=$(git log -1 --pretty=%B | grep -oP '(?<=: ).*') - # If PR_NUMBER or PR_TITLE is not found, handle it if [ -z "$PR_NUMBER" ] || [ -z "$PR_TITLE" ]; then echo "Unable to extract PR information. This may not be a merge commit." exit 1 fi - # Construct the deployment message MESSAGE_TEXT=":rocket: Deployment of PR #${PR_NUMBER} (${PR_TITLE}) was successful!" if [ ! -z "${JIRA_URLS}" ]; then MESSAGE_TEXT="${MESSAGE_TEXT}\nJIRA URLs in the PR:\n${JIRA_URLS}" fi - # Output the deployment message echo -e "${MESSAGE_TEXT}" build_and_lint: executor: docker-executor From e44f5d69081bae9035735d83f9862927d0ac8b26 Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Wed, 28 Aug 2024 12:14:02 -0400 Subject: [PATCH 05/18] Add debugging --- .circleci/config.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 71ad2e4a7f..0218f20b32 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -579,7 +579,12 @@ jobs: - run: name: Extract Last Merged PR Information command: | - # Extract the last merged PR number from the commit message + set -x + if [ ! -d ".git" ]; then + echo "No .git directory found. Ensure the repository is properly checked out." + exit 1 + fi + PR_NUMBER=$(git log -1 --pretty=%B | grep -oP '(?<=Merge pull request #)\d+') PR_TITLE=$(git log -1 --pretty=%B | grep -oP '(?<=: ).*') From 7616a1a5d3ef3dd9cd469be9ec1d2ada6b299c81 Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Wed, 28 Aug 2024 12:31:17 -0400 Subject: [PATCH 06/18] split logic --- .circleci/config.yml | 36 +++++++++++++++++++++++++----------- 1 file changed, 25 insertions(+), 11 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 0218f20b32..d8c83657b1 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -584,21 +584,35 @@ jobs: echo "No .git directory found. Ensure the repository is properly checked out." exit 1 fi - - PR_NUMBER=$(git log -1 --pretty=%B | grep -oP '(?<=Merge pull request #)\d+') + COMMIT_MESSAGE=$(git log -1 --pretty=%B) + echo "Last commit message: $COMMIT_MESSAGE" + if echo "$COMMIT_MESSAGE" | grep -q "Merge pull request #"; then - PR_TITLE=$(git log -1 --pretty=%B | grep -oP '(?<=: ).*') + PR_NUMBER=$(git log -1 --pretty=%B | grep -oP '(?<=Merge pull request #)\d+') - if [ -z "$PR_NUMBER" ] || [ -z "$PR_TITLE" ]; then - echo "Unable to extract PR information. This may not be a merge commit." - exit 1 - fi + PR_TITLE=$(git log -1 --pretty=%B | grep -oP '(?<=: ).*') + + if [ -z "$PR_NUMBER" ] || [ -z "$PR_TITLE" ]; then + echo "Unable to extract PR information. This may not be a merge commit." + exit 1 + fi + + MESSAGE_TEXT=":rocket: Deployment of PR #${PR_NUMBER} (${PR_TITLE}) was successful!" + if [ ! -z "${JIRA_URLS}" ]; then + MESSAGE_TEXT="${MESSAGE_TEXT}\nJIRA URLs in the PR:\n${JIRA_URLS}" + fi + else + echo "This is a regular commit, not a merge commit." + + COMMIT_HASH=$(git log -1 --pretty=%H) + COMMIT_AUTHOR=$(git log -1 --pretty=%an) + COMMIT_DATE=$(git log -1 --pretty=%cd) + echo "Commit Hash: $COMMIT_HASH" + echo "Author: $COMMIT_AUTHOR" + echo "Date: $COMMIT_DATE" - MESSAGE_TEXT=":rocket: Deployment of PR #${PR_NUMBER} (${PR_TITLE}) was successful!" - if [ ! -z "${JIRA_URLS}" ]; then - MESSAGE_TEXT="${MESSAGE_TEXT}\nJIRA URLs in the PR:\n${JIRA_URLS}" + MESSAGE_TEXT=":rocket: Deployment of commit ${COMMIT_HASH} by ${COMMIT_AUTHOR} on ${COMMIT_DATE} was successful!" fi - echo -e "${MESSAGE_TEXT}" build_and_lint: executor: docker-executor From 67e54c83dd9ee83f1f03cf30ae69293de3a6d8a1 Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Wed, 28 Aug 2024 13:04:08 -0400 Subject: [PATCH 07/18] Handle PR context --- .circleci/config.yml | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index d8c83657b1..841e77e194 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -578,7 +578,7 @@ jobs: - checkout - run: name: Extract Last Merged PR Information - command: | + command: set -x if [ ! -d ".git" ]; then echo "No .git directory found. Ensure the repository is properly checked out." @@ -602,16 +602,31 @@ jobs: MESSAGE_TEXT="${MESSAGE_TEXT}\nJIRA URLs in the PR:\n${JIRA_URLS}" fi else - echo "This is a regular commit, not a merge commit." + # This is not a merge commit, assume it's running in a PR context + if [ -n "${CIRCLE_PULL_REQUEST}" ]; then + echo "CIRCLE_PULL_REQUEST is set to: ${CIRCLE_PULL_REQUEST}" + + # Extract the PR number from the CIRCLE_PULL_REQUEST variable + PR_NUMBER=${CIRCLE_PULL_REQUEST##*/} + echo "PR_NUMBER: $PR_NUMBER" # Debugging: Print the PR number - COMMIT_HASH=$(git log -1 --pretty=%H) - COMMIT_AUTHOR=$(git log -1 --pretty=%an) - COMMIT_DATE=$(git log -1 --pretty=%cd) - echo "Commit Hash: $COMMIT_HASH" - echo "Author: $COMMIT_AUTHOR" - echo "Date: $COMMIT_DATE" + # Extract the PR title using the PR URL + PR_TITLE=$(curl -s "${CIRCLE_PULL_REQUEST}" | grep -oP '[^<]+' | sed -re 's~<[^>]+>~~g') + echo "PR_TITLE: $PR_TITLE" # Debugging: Print the PR title - MESSAGE_TEXT=":rocket: Deployment of commit ${COMMIT_HASH} by ${COMMIT_AUTHOR} on ${COMMIT_DATE} was successful!" + # Optionally, extract related JIRA URLs if they are part of the PR description + JIRA_URLS=$(curl -s "${CIRCLE_PULL_REQUEST}" | grep -o "https://jira.acf.gov/browse/[A-Z0-9-]*") + echo "JIRA_URLS: $JIRA_URLS" # Debugging: Print the JIRA URLs + + # Construct the deployment message using PR information + MESSAGE_TEXT=":rocket: Deployment of PR <${CIRCLE_PULL_REQUEST}|${PR_NUMBER}> (${PR_TITLE}) was successful!" + if [ -n "${JIRA_URLS}" ]; then + MESSAGE_TEXT="${MESSAGE_TEXT}\nJIRA URLs in the PR:\n${JIRA_URLS}" + fi + else + echo "CIRCLE_PULL_REQUEST is not set. Exiting without extracting PR information." + exit 1 # Exit with an error because the script expects a PR context or merge commit + fi fi echo -e "${MESSAGE_TEXT}" build_and_lint: From 9e83014478dea434f5cd0779a65a8f99b1852de3 Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Wed, 28 Aug 2024 13:11:23 -0400 Subject: [PATCH 08/18] Add context --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 841e77e194..c1ec6d9208 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -578,14 +578,14 @@ jobs: - checkout - run: name: Extract Last Merged PR Information - command: + command: | set -x if [ ! -d ".git" ]; then echo "No .git directory found. Ensure the repository is properly checked out." exit 1 fi COMMIT_MESSAGE=$(git log -1 --pretty=%B) - echo "Last commit message: $COMMIT_MESSAGE" + echo $COMMIT_MESSAGE if echo "$COMMIT_MESSAGE" | grep -q "Merge pull request #"; then PR_NUMBER=$(git log -1 --pretty=%B | grep -oP '(?<=Merge pull request #)\d+') From e99a814caf9386f392d0abc4b13775d3b187fa12 Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Wed, 28 Aug 2024 13:21:25 -0400 Subject: [PATCH 09/18] Update known dependencies --- frontend/yarn-audit-known-issues | 81 ++++++++++++++++---------------- 1 file changed, 41 insertions(+), 40 deletions(-) diff --git a/frontend/yarn-audit-known-issues b/frontend/yarn-audit-known-issues index 0084f6081a..34ae28039f 100644 --- a/frontend/yarn-audit-known-issues +++ b/frontend/yarn-audit-known-issues @@ -1,43 +1,44 @@ {"type":"auditAdvisory","data":{"resolution":{"id":1097682,"path":"react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.0","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-environment-jsdom>jsdom>tough-cookie"]}],"metadata":null,"vulnerable_versions":"<4.1.3","module_name":"tough-cookie","severity":"moderate","github_advisory_id":"GHSA-72xf-g2v4-qvf3","cves":["CVE-2023-26136"],"access":"public","patched_versions":">=4.1.3","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},"updated":"2024-06-21T21:33:53.000Z","recommendation":"Upgrade to version 4.1.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1097682,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26136\n- https://github.com/salesforce/tough-cookie/issues/282\n- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e\n- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3\n- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873\n- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ\n- https://security.netapp.com/advisory/ntap-20240621-0006\n- https://github.com/advisories/GHSA-72xf-g2v4-qvf3","created":"2023-07-01T06:30:16.000Z","reported_by":null,"title":"tough-cookie Prototype Pollution vulnerability","npm_advisory_id":null,"overview":"Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. This issue arises from the manner in which the objects are initialized.","url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3"}}} {"type":"auditAdvisory","data":{"resolution":{"id":1097682,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.0","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-environment-jsdom>jsdom>tough-cookie"]}],"metadata":null,"vulnerable_versions":"<4.1.3","module_name":"tough-cookie","severity":"moderate","github_advisory_id":"GHSA-72xf-g2v4-qvf3","cves":["CVE-2023-26136"],"access":"public","patched_versions":">=4.1.3","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},"updated":"2024-06-21T21:33:53.000Z","recommendation":"Upgrade to version 4.1.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1097682,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26136\n- https://github.com/salesforce/tough-cookie/issues/282\n- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e\n- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3\n- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873\n- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ\n- https://security.netapp.com/advisory/ntap-20240621-0006\n- https://github.com/advisories/GHSA-72xf-g2v4-qvf3","created":"2023-07-01T06:30:16.000Z","reported_by":null,"title":"tough-cookie Prototype Pollution vulnerability","npm_advisory_id":null,"overview":"Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. This issue arises from the manner in which the objects are initialized.","url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3"}}} {"type":"auditAdvisory","data":{"resolution":{"id":1097682,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-environment-jsdom>jsdom>tough-cookie","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.0","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-environment-jsdom>jsdom>tough-cookie"]}],"metadata":null,"vulnerable_versions":"<4.1.3","module_name":"tough-cookie","severity":"moderate","github_advisory_id":"GHSA-72xf-g2v4-qvf3","cves":["CVE-2023-26136"],"access":"public","patched_versions":">=4.1.3","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},"updated":"2024-06-21T21:33:53.000Z","recommendation":"Upgrade to version 4.1.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1097682,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26136\n- https://github.com/salesforce/tough-cookie/issues/282\n- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e\n- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3\n- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873\n- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ\n- https://security.netapp.com/advisory/ntap-20240621-0006\n- https://github.com/advisories/GHSA-72xf-g2v4-qvf3","created":"2023-07-01T06:30:16.000Z","reported_by":null,"title":"tough-cookie Prototype Pollution vulnerability","npm_advisory_id":null,"overview":"Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. This issue arises from the manner in which the objects are initialized.","url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>tailwindcss>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>react-dev-utils>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest-resolve>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>babel-jest>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>eslint-webpack-plugin>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>jest-config>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>@jest/core>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest>jest-cli>@jest/core>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>tailwindcss>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"http-proxy-middleware>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"react-scripts>webpack-dev-server>http-proxy-middleware>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} -{"type":"auditAdvisory","data":{"resolution":{"id":1098618,"path":"micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":0,"vectorString":null},"updated":"2024-08-23T17:27:31.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098618,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098664,"path":"react-scripts>webpack","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"5.78.0","paths":["react-scripts>webpack"]}],"metadata":null,"vulnerable_versions":"<5.94.0","module_name":"webpack","severity":"moderate","github_advisory_id":"GHSA-4vvj-4cpr-p986","cves":["CVE-2024-43788"],"access":"public","patched_versions":">=5.94.0","cvss":{"score":6.4,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"},"updated":"2024-08-27T19:50:41.000Z","recommendation":"Upgrade to version 5.94.0 or later","cwe":["CWE-79"],"found_by":null,"deleted":null,"id":1098664,"references":"- https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986\n- https://nvd.nist.gov/vuln/detail/CVE-2024-43788\n- https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61\n- https://research.securitum.com/xss-in-amp4email-dom-clobbering\n- https://scnps.co/papers/sp23_domclob.pdf\n- https://github.com/advisories/GHSA-4vvj-4cpr-p986","created":"2024-08-27T19:50:40.000Z","reported_by":null,"title":"Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS","npm_advisory_id":null,"overview":"Hi, Webpack developer team!\n\n### Summary\n\nWe discovered a DOM Clobbering vulnerability in Webpack’s `AutoPublicPathRuntimeModule`. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present.\n\nWe found the real-world exploitation of this gadget in the Canvas LMS which allows XSS attack happens through an javascript code compiled by Webpack (the vulnerable part is from Webpack). We believe this is a severe issue. If Webpack’s code is not resilient to DOM Clobbering attacks, it could lead to significant security vulnerabilities in any web application using Webpack-compiled code.\n\n\n### Details\n\n#### Backgrounds\n\nDOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. More for information about DOM Clobbering, here are some references:\n\n[1] https://scnps.co/papers/sp23_domclob.pdf\n[2] https://research.securitum.com/xss-in-amp4email-dom-clobbering/\n\n\n#### Gadgets found in Webpack\n\nWe identified a DOM Clobbering vulnerability in Webpack’s `AutoPublicPathRuntimeModule`. When the `output.publicPath` field in the configuration is not set or is set to `auto`, the following code is generated in the bundle to dynamically resolve and load additional JavaScript files:\n\n```\n/******/ \t/* webpack/runtime/publicPath */\n/******/ \t(() => {\n/******/ \t\tvar scriptUrl;\n/******/ \t\tif (__webpack_require__.g.importScripts) scriptUrl = __webpack_require__.g.location + \"\";\n/******/ \t\tvar document = __webpack_require__.g.document;\n/******/ \t\tif (!scriptUrl && document) {\n/******/ \t\t\tif (document.currentScript)\n/******/ \t\t\t\tscriptUrl = document.currentScript.src;\n/******/ \t\t\tif (!scriptUrl) {\n/******/ \t\t\t\tvar scripts = document.getElementsByTagName(\"script\");\n/******/ \t\t\t\tif(scripts.length) {\n/******/ \t\t\t\t\tvar i = scripts.length - 1;\n/******/ \t\t\t\t\twhile (i > -1 && (!scriptUrl || !/^http(s?):/.test(scriptUrl))) scriptUrl = scripts[i--].src;\n/******/ \t\t\t\t}\n/******/ \t\t\t}\n/******/ \t\t}\n/******/ \t\t// When supporting browsers where an automatic publicPath is not supported you must specify an output.publicPath manually via configuration\n/******/ \t\t// or pass an empty string (\"\") and set the __webpack_public_path__ variable from your code to use your own logic.\n/******/ \t\tif (!scriptUrl) throw new Error(\"Automatic publicPath is not supported in this browser\");\n/******/ \t\tscriptUrl = scriptUrl.replace(/#.*$/, \"\").replace(/\\?.*$/, \"\").replace(/\\/[^\\/]+$/, \"/\");\n/******/ \t\t__webpack_require__.p = scriptUrl;\n/******/ \t})();\n```\n\nHowever, this code is vulnerable to a DOM Clobbering attack. The lookup on the line with `document.currentScript` can be shadowed by an attacker, causing it to return an attacker-controlled HTML element instead of the current script element as intended. In such a scenario, the `src` attribute of the attacker-controlled element will be used as the `scriptUrl` and assigned to `__webpack_require__.p`. If additional scripts are loaded from the server, `__webpack_require__.p` will be used as the base URL, pointing to the attacker's domain. This could lead to arbitrary script loading from the attacker's server, resulting in severe security risks.\n\n### PoC\n\nPlease note that we have identified a real-world exploitation of this vulnerability in the Canvas LMS. Once the issue has been patched, I am willing to share more details on the exploitation. For now, I’m providing a demo to illustrate the concept.\n\nConsider a website developer with the following two scripts, `entry.js` and `import1.js`, that are compiled using Webpack:\n\n```\n// entry.js\nimport('./import1.js')\n .then(module => {\n module.hello();\n })\n .catch(err => {\n console.error('Failed to load module', err);\n });\n```\n\n```\n// import1.js\nexport function hello () {\n console.log('Hello');\n}\n```\n\nThe webpack.config.js is set up as follows:\n```\nconst path = require('path');\n\nmodule.exports = {\n entry: './entry.js', // Ensure the correct path to your entry file\n output: {\n filename: 'webpack-gadgets.bundle.js', // Output bundle file\n path: path.resolve(__dirname, 'dist'), // Output directory\n publicPath: \"auto\", // Or leave this field not set\n },\n target: 'web',\n mode: 'development',\n};\n```\n\nWhen the developer builds these scripts into a bundle and adds it to a webpage, the page could load the `import1.js` file from the attacker's domain, `attacker.controlled.server`. The attacker only needs to insert an `img` tag with the `name` attribute set to `currentScript`. This can be done through a website's feature that allows users to embed certain script-less HTML (e.g., markdown renderers, web email clients, forums) or via an HTML injection vulnerability in third-party JavaScript loaded on the page.\n\n```\n\n\n\n Webpack Example\n \n \n \n\n\n\n\n\n```\n\n### Impact\n\nThis vulnerability can lead to cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or id attributes.\n\n### Patch\n\nA possible patch to this vulnerability could refer to the Google Closure project which makes itself resistant to DOM Clobbering attack: https://github.com/google/closure-library/blob/b312823ec5f84239ff1db7526f4a75cba0420a33/closure/goog/base.js#L174\n\n```\n/******/ \t/* webpack/runtime/publicPath */\n/******/ \t(() => {\n/******/ \t\tvar scriptUrl;\n/******/ \t\tif (__webpack_require__.g.importScripts) scriptUrl = __webpack_require__.g.location + \"\";\n/******/ \t\tvar document = __webpack_require__.g.document;\n/******/ \t\tif (!scriptUrl && document) {\n/******/ \t\t\tif (document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT') // Assume attacker cannot control script tag, otherwise it is XSS already :>\n/******/ \t\t\t\tscriptUrl = document.currentScript.src;\n/******/ \t\t\tif (!scriptUrl) {\n/******/ \t\t\t\tvar scripts = document.getElementsByTagName(\"script\");\n/******/ \t\t\t\tif(scripts.length) {\n/******/ \t\t\t\t\tvar i = scripts.length - 1;\n/******/ \t\t\t\t\twhile (i > -1 && (!scriptUrl || !/^http(s?):/.test(scriptUrl))) scriptUrl = scripts[i--].src;\n/******/ \t\t\t\t}\n/******/ \t\t\t}\n/******/ \t\t}\n/******/ \t\t// When supporting browsers where an automatic publicPath is not supported you must specify an output.publicPath manually via configuration\n/******/ \t\t// or pass an empty string (\"\") and set the __webpack_public_path__ variable from your code to use your own logic.\n/******/ \t\tif (!scriptUrl) throw new Error(\"Automatic publicPath is not supported in this browser\");\n/******/ \t\tscriptUrl = scriptUrl.replace(/#.*$/, \"\").replace(/\\?.*$/, \"\").replace(/\\/[^\\/]+$/, \"/\");\n/******/ \t\t__webpack_require__.p = scriptUrl;\n/******/ \t})();\n```\n\nPlease note that if we do not receive a response from the development team within three months, we will disclose this vulnerability to the CVE agent.","url":"https://github.com/advisories/GHSA-4vvj-4cpr-p986"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>tailwindcss>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>react-dev-utils>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest-resolve>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>babel-jest>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>@jest/core>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>eslint-webpack-plugin>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>@jest/core>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>@jest/core>jest-config>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>@jest/core>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest>jest-cli>@jest/core>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>tailwindcss>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"http-proxy-middleware>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"react-scripts>webpack-dev-server>http-proxy-middleware>micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098681,"path":"micromatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<4.0.8","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":">=4.0.8","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"updated":"2024-08-28T13:12:27.000Z","recommendation":"Upgrade to version 4.0.8 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098681,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0\n- https://github.com/micromatch/micromatch/pull/266\n- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\n- https://advisory.checkmarx.net/advisory/CVE-2024-4067\n- https://github.com/micromatch/micromatch/releases/tag/4.0.8\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to https://github.com/micromatch/micromatch/pull/266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} From c3f9d977b0a8a1ab67d1fc95f9b4ff17c888ba55 Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Wed, 28 Aug 2024 14:09:19 -0400 Subject: [PATCH 10/18] Cleanup --- .circleci/config.yml | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index c1ec6d9208..6623192ac4 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -587,45 +587,32 @@ jobs: COMMIT_MESSAGE=$(git log -1 --pretty=%B) echo $COMMIT_MESSAGE if echo "$COMMIT_MESSAGE" | grep -q "Merge pull request #"; then - PR_NUMBER=$(git log -1 --pretty=%B | grep -oP '(?<=Merge pull request #)\d+') - PR_TITLE=$(git log -1 --pretty=%B | grep -oP '(?<=: ).*') - - if [ -z "$PR_NUMBER" ] || [ -z "$PR_TITLE" ]; then + if [ -z "$PR_NUMBER" ]; then echo "Unable to extract PR information. This may not be a merge commit." exit 1 fi - - MESSAGE_TEXT=":rocket: Deployment of PR #${PR_NUMBER} (${PR_TITLE}) was successful!" + MESSAGE_TEXT=":rocket: Deployment of PR #${PR_NUMBER} was successful!" if [ ! -z "${JIRA_URLS}" ]; then MESSAGE_TEXT="${MESSAGE_TEXT}\nJIRA URLs in the PR:\n${JIRA_URLS}" fi else - # This is not a merge commit, assume it's running in a PR context if [ -n "${CIRCLE_PULL_REQUEST}" ]; then echo "CIRCLE_PULL_REQUEST is set to: ${CIRCLE_PULL_REQUEST}" - - # Extract the PR number from the CIRCLE_PULL_REQUEST variable PR_NUMBER=${CIRCLE_PULL_REQUEST##*/} - echo "PR_NUMBER: $PR_NUMBER" # Debugging: Print the PR number - - # Extract the PR title using the PR URL + echo "PR_NUMBER: $PR_NUMBER" PR_TITLE=$(curl -s "${CIRCLE_PULL_REQUEST}" | grep -oP '[^<]+' | sed -re 's~<[^>]+>~~g') echo "PR_TITLE: $PR_TITLE" # Debugging: Print the PR title - - # Optionally, extract related JIRA URLs if they are part of the PR description JIRA_URLS=$(curl -s "${CIRCLE_PULL_REQUEST}" | grep -o "https://jira.acf.gov/browse/[A-Z0-9-]*") - echo "JIRA_URLS: $JIRA_URLS" # Debugging: Print the JIRA URLs - - # Construct the deployment message using PR information + echo "JIRA_URLS: $JIRA_URLS" MESSAGE_TEXT=":rocket: Deployment of PR <${CIRCLE_PULL_REQUEST}|${PR_NUMBER}> (${PR_TITLE}) was successful!" if [ -n "${JIRA_URLS}" ]; then MESSAGE_TEXT="${MESSAGE_TEXT}\nJIRA URLs in the PR:\n${JIRA_URLS}" fi else echo "CIRCLE_PULL_REQUEST is not set. Exiting without extracting PR information." - exit 1 # Exit with an error because the script expects a PR context or merge commit + exit 1 fi fi echo -e "${MESSAGE_TEXT}" From 3a4d932690b1b18d0c26c7116d325d11dedb4975 Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Wed, 28 Aug 2024 14:38:31 -0400 Subject: [PATCH 11/18] Forgot to save --- .circleci/config.yml | 97 +++++++++++++++++++++++++++++++------------- 1 file changed, 68 insertions(+), 29 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 6623192ac4..38f31827e4 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -230,7 +230,6 @@ commands: slack_channel: << parameters.slack_channel >> message_text_file: "/tmp/message_file" - cf_deploy: description: "Login to cloud foundry space with service account credentials and push application using deployment configuration file." @@ -553,7 +552,7 @@ parameters: description: "Name of github branch that will deploy to dev" default: "TTAHUB-3097/transactions-for-workers-round-2" type: string - sandbox_git_branch: # change to feature branch to test deployment + sandbox_git_branch: # change to feature branch to test deployment default: "mb/TTAHUB-3198/training-report-alerts" type: string prod_new_relic_app_id: @@ -656,9 +655,9 @@ jobs: command: | chmod +x ./bin/check_node_version_compatibility.sh ./bin/check_node_version_compatibility.sh - - store_artifacts: # store backend lint reports + - store_artifacts: # store backend lint reports path: reports - - store_artifacts: # store frontend lint reports + - store_artifacts: # store frontend lint reports path: frontend/reports - run: name: Remove similarity api data @@ -697,9 +696,9 @@ jobs: paths: - similarity_api/src/venv key: v1-pip-deps-{{ checksum "combined-requirements.txt" }} - - store_artifacts: # store backend lint reports + - store_artifacts: # store backend lint reports path: reports - - store_artifacts: # store frontend lint reports + - store_artifacts: # store frontend lint reports path: similarity_api/reports - persist_to_workspace: root: . @@ -709,7 +708,7 @@ jobs: test_backend: executor: docker-postgres-executor environment: - SFTP_EXPOSED_PORT: 2222 + SFTP_EXPOSED_PORT: 2222 steps: - attach_workspace: at: . @@ -728,7 +727,7 @@ jobs: background: true - run: name: Test backend - command: | + command: | chmod 744 ./bin/test-backend-ci ./bin/test-backend-ci - run: @@ -754,7 +753,7 @@ jobs: SYFT_VERSION: v1.5.0 IMAGE_NAME: ghcr.io/kcirtapfromspace/cloudfoundry_circleci:latest OUTPUT_FORMAT: json - OUTPUT_FILE: reports/syft_sbom.json + OUTPUT_FILE: reports/syft_sbom.json command: | mkdir -p reports/ curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b . "$SYFT_VERSION" @@ -981,22 +980,38 @@ jobs: - when: condition: and: - - equal: [<< pipeline.project.git_url >>, << pipeline.parameters.prod_git_url >>] - - equal: [<< pipeline.git.branch >>, << pipeline.parameters.prod_git_branch >>] + - equal: + [ + << pipeline.project.git_url >>, + << pipeline.parameters.prod_git_url >>, + ] + - equal: + [ + << pipeline.git.branch >>, + << pipeline.parameters.prod_git_branch >>, + ] steps: - - run: - name: Create production robot - command: ./bin/robot-factory + - run: + name: Create production robot + command: ./bin/robot-factory - run: name: Install Cloud Foundry command: | curl -v -L -o cf-cli_amd64.deb 'https://packages.cloudfoundry.org/stable?release=debian64&version=v7&source=github' sudo dpkg -i cf-cli_amd64.deb - - when: # sandbox: for short-term feature development, see README.md + - when: # sandbox: for short-term feature development, see README.md condition: and: - - equal: [<< pipeline.project.git_url >>, << pipeline.parameters.sandbox_git_url >>] - - equal: [<< pipeline.git.branch >>, << pipeline.parameters.sandbox_git_branch >>] + - equal: + [ + << pipeline.project.git_url >>, + << pipeline.parameters.sandbox_git_url >>, + ] + - equal: + [ + << pipeline.git.branch >>, + << pipeline.parameters.sandbox_git_branch >>, + ] steps: - run: name: Build frontend assets @@ -1051,11 +1066,19 @@ jobs: slack_channel: "acf-head-start-github" environment_name: "sandbox" - - when: # dev + - when: # dev condition: and: - - equal: [<< pipeline.project.git_url >>, << pipeline.parameters.dev_git_url >>] - - equal: [<< pipeline.git.branch >>, << pipeline.parameters.dev_git_branch >>] + - equal: + [ + << pipeline.project.git_url >>, + << pipeline.parameters.dev_git_url >>, + ] + - equal: + [ + << pipeline.git.branch >>, + << pipeline.parameters.dev_git_branch >>, + ] steps: - run: name: Build frontend assets @@ -1110,11 +1133,19 @@ jobs: slack_channel: "acf-head-start-github" environment_name: "dev" - - when: # staging + - when: # staging condition: and: - - equal: [<< pipeline.project.git_url >>, << pipeline.parameters.staging_git_url >>] - - equal: [<< pipeline.git.branch >>, << pipeline.parameters.staging_git_branch >>] + - equal: + [ + << pipeline.project.git_url >>, + << pipeline.parameters.staging_git_url >>, + ] + - equal: + [ + << pipeline.git.branch >>, + << pipeline.parameters.staging_git_branch >>, + ] steps: - run: name: Build frontend assets @@ -1167,11 +1198,19 @@ jobs: slack_channel: "acf-head-start-github" environment_name: "staging" - - when: # prod + - when: # prod condition: and: - - equal: [<< pipeline.project.git_url >>, << pipeline.parameters.prod_git_url >>] - - equal: [<< pipeline.git.branch >>, << pipeline.parameters.prod_git_branch >>] + - equal: + [ + << pipeline.project.git_url >>, + << pipeline.parameters.prod_git_url >>, + ] + - equal: + [ + << pipeline.git.branch >>, + << pipeline.parameters.prod_git_branch >>, + ] steps: - run: name: Build frontend assets @@ -1229,10 +1268,10 @@ jobs: docker: - image: cimg/base:2024.05 steps: - - sparse_checkout: - directories: 'automation' + - sparse_checkout: + directories: "automation" branch: << pipeline.git.branch >> - - cf_backup: + - cf_backup: auth_client_secret: PROD_AUTH_CLIENT_SECRET cloudgov_username: CLOUDGOV_PROD_USERNAME cloudgov_password: CLOUDGOV_PROD_PASSWORD From 62783731ae9c9eb2305ed356ddac17ddf7b52d3e Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Wed, 28 Aug 2024 14:44:35 -0400 Subject: [PATCH 12/18] Remove PR_TITLE --- .circleci/config.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 38f31827e4..ff54ee5083 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -579,19 +579,9 @@ jobs: name: Extract Last Merged PR Information command: | set -x - if [ ! -d ".git" ]; then - echo "No .git directory found. Ensure the repository is properly checked out." - exit 1 - fi COMMIT_MESSAGE=$(git log -1 --pretty=%B) - echo $COMMIT_MESSAGE if echo "$COMMIT_MESSAGE" | grep -q "Merge pull request #"; then PR_NUMBER=$(git log -1 --pretty=%B | grep -oP '(?<=Merge pull request #)\d+') - PR_TITLE=$(git log -1 --pretty=%B | grep -oP '(?<=: ).*') - if [ -z "$PR_NUMBER" ]; then - echo "Unable to extract PR information. This may not be a merge commit." - exit 1 - fi MESSAGE_TEXT=":rocket: Deployment of PR #${PR_NUMBER} was successful!" if [ ! -z "${JIRA_URLS}" ]; then MESSAGE_TEXT="${MESSAGE_TEXT}\nJIRA URLs in the PR:\n${JIRA_URLS}" From 60bf5a1553d2b6ebcc856bcbb90d3f4a801403a9 Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Wed, 28 Aug 2024 17:43:06 -0400 Subject: [PATCH 13/18] Extract PR number from the merge commit --- .circleci/config.yml | 53 ++++++++++++-------------------------------- 1 file changed, 14 insertions(+), 39 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index ff54ee5083..6a324474d7 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -180,6 +180,7 @@ commands: description: "Name of environment" type: string steps: + - checkout - run: name: Generate Message command: | @@ -204,24 +205,32 @@ commands: env_name="<< parameters.environment_name >>" - if [ ! -z "${CIRCLE_PULL_REQUEST}" ]; then + if [ -n "${CIRCLE_PULL_REQUEST}" ]; then PR_NUMBER=${CIRCLE_PULL_REQUEST##*/} - PR_TITLE=$(curl -s "${CIRCLE_PULL_REQUEST}" | sed -e :a -e "N; s/\n/ /g; ta" | grep -oP "[^<]+" | sed -re "s~<[^>]+>~~g") + PR_TITLE=$(curl -s "${CIRCLE_PULL_REQUEST}" | grep -oP '[^<]+' | sed -re 's~<[^>]+>~~g') if [ ! -z "${PR_TITLE}" ]; then JIRA_URLS=$(curl -s "${CIRCLE_PULL_REQUEST}" | sed -e :a -e "N; s/\n/ /g; ta" | grep -oP "Issue[(]s[)].*Checklists" | grep -oP "\"https[^\"]+\"" | sed -e "s~\"~~g" | grep -o "https://jira.acf.gov/browse/[A-Z0-9-]*") MESSAGE_TEXT=":rocket: Deployment of PR <${CIRCLE_PULL_REQUEST}|${PR_NUMBER}> (${PR_TITLE}) to <${ENV_URL}|${env_name}> was successful!" - if [ ! -z "${JIRA_URLS}" ]; then + if [ -n "${JIRA_URLS}" ]; then MESSAGE_TEXT="${MESSAGE_TEXT}\nJIRA URLs in the PR:\n${JIRA_URLS}" fi else MESSAGE_TEXT=":rocket: Deployment of PR <${CIRCLE_PULL_REQUEST}|${PR_NUMBER}> to <${ENV_URL}|${env_name}> was successful!" fi else - MESSAGE_TEXT=":rocket: Deployment to <${ENV_URL}|${env_name}> was successful!" - fi + COMMIT_MESSAGE=$(git log -1 --pretty=%B) + if echo "$COMMIT_MESSAGE" | grep -q "Merge pull request #"; then + PR_NUMBER=$(git log -1 --pretty=%B | grep -oP '(?<=Merge pull request #)\d+') + MESSAGE_TEXT=":rocket: Deployment of PR #${PR_NUMBER} to <${ENV_URL}|${env_name}> was successful!" + if [ ! -z "${JIRA_URLS}" ]; then + MESSAGE_TEXT="${MESSAGE_TEXT}\nJIRA URLs in the PR:\n${JIRA_URLS}" + fi + else + MESSAGE_TEXT=":rocket: Deployment to <${ENV_URL}|${env_name}> was successful!" + fi echo -e "${MESSAGE_TEXT}" > /tmp/message_file @@ -571,40 +580,6 @@ parameters: type: boolean default: false jobs: - test_pr_extraction: - executor: docker-executor - steps: - - checkout - - run: - name: Extract Last Merged PR Information - command: | - set -x - COMMIT_MESSAGE=$(git log -1 --pretty=%B) - if echo "$COMMIT_MESSAGE" | grep -q "Merge pull request #"; then - PR_NUMBER=$(git log -1 --pretty=%B | grep -oP '(?<=Merge pull request #)\d+') - MESSAGE_TEXT=":rocket: Deployment of PR #${PR_NUMBER} was successful!" - if [ ! -z "${JIRA_URLS}" ]; then - MESSAGE_TEXT="${MESSAGE_TEXT}\nJIRA URLs in the PR:\n${JIRA_URLS}" - fi - else - if [ -n "${CIRCLE_PULL_REQUEST}" ]; then - echo "CIRCLE_PULL_REQUEST is set to: ${CIRCLE_PULL_REQUEST}" - PR_NUMBER=${CIRCLE_PULL_REQUEST##*/} - echo "PR_NUMBER: $PR_NUMBER" - PR_TITLE=$(curl -s "${CIRCLE_PULL_REQUEST}" | grep -oP '[^<]+' | sed -re 's~<[^>]+>~~g') - echo "PR_TITLE: $PR_TITLE" # Debugging: Print the PR title - JIRA_URLS=$(curl -s "${CIRCLE_PULL_REQUEST}" | grep -o "https://jira.acf.gov/browse/[A-Z0-9-]*") - echo "JIRA_URLS: $JIRA_URLS" - MESSAGE_TEXT=":rocket: Deployment of PR <${CIRCLE_PULL_REQUEST}|${PR_NUMBER}> (${PR_TITLE}) was successful!" - if [ -n "${JIRA_URLS}" ]; then - MESSAGE_TEXT="${MESSAGE_TEXT}\nJIRA URLs in the PR:\n${JIRA_URLS}" - fi - else - echo "CIRCLE_PULL_REQUEST is not set. Exiting without extracting PR information." - exit 1 - fi - fi - echo -e "${MESSAGE_TEXT}" build_and_lint: executor: docker-executor steps: From 59f7e787dbadb232fc358bc087b1701359bc2e14 Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Wed, 28 Aug 2024 17:43:50 -0400 Subject: [PATCH 14/18] Remove test job --- .circleci/config.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 6a324474d7..7403a19993 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1249,7 +1249,6 @@ workflows: when: equal: [false, << pipeline.parameters.manual-trigger >>] jobs: - - test_pr_extraction - build_and_lint - build_and_lint_similarity_api - test_backend: From e163caad399cc6594fe319ca1d570be9bc648bbd Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Thu, 29 Aug 2024 09:36:44 -0400 Subject: [PATCH 15/18] Test deploy --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index bcd07ad38c..e55e80aeb5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -569,7 +569,7 @@ parameters: default: "TTAHUB-3097/transactions-for-workers-round-2" type: string sandbox_git_branch: # change to feature branch to test deployment - default: "mb/TTAHUB-3198/training-report-alerts" + default: "kw-test-deploy" type: string prod_new_relic_app_id: default: "877570491" From e4429b4081209d03f120e5f263f9954c5c9bf599 Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Thu, 29 Aug 2024 10:30:02 -0400 Subject: [PATCH 16/18] Add missing tag --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index e55e80aeb5..746895f981 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -238,7 +238,7 @@ commands: else MESSAGE_TEXT=":rocket: Deployment to <${ENV_URL}|${env_name}> was successful!" fi - + fi echo -e "${MESSAGE_TEXT}" > /tmp/message_file - notify_slack: From 7ab7e897bc0770b2794c60f365eb5f4ebc70ea19 Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Thu, 29 Aug 2024 14:03:34 -0400 Subject: [PATCH 17/18] Remove debugging messages --- .circleci/config.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 746895f981..0add3d0826 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -208,18 +208,11 @@ commands: if [ -n "${CIRCLE_PULL_REQUEST}" ]; then PR_NUMBER=${CIRCLE_PULL_REQUEST##*/} - # Debugging output - echo "CIRCLE_PULL_REQUEST: ${CIRCLE_PULL_REQUEST}" - echo "Extracted PR_NUMBER: ${PR_NUMBER}" - PR_TITLE=$(curl -s "${CIRCLE_PULL_REQUEST}" | sed -e :a -e "N; s/\n/ /g; ta" | grep -oP "[^<]+" | sed -re "s~<[^>]+>~~g") if [ ! -z "${PR_TITLE}" ]; then JIRA_URLS=$(curl -s "${CIRCLE_PULL_REQUEST}" | sed -e :a -e "N; s/\n/ /g; ta" | grep -oP "Issue[(]s[)].*Checklists" | grep -oP "\"https[^\"]+\"" | sed -e "s~\"~~g" | grep -o "https://jira.acf.gov/browse/[A-Z0-9-]*") - # Debugging output - echo "Extracted JIRA_URLS: ${JIRA_URLS}" - MESSAGE_TEXT=":rocket: Deployment of PR <${CIRCLE_PULL_REQUEST}|${PR_NUMBER}> (${PR_TITLE}) to <${ENV_URL}|${env_name}> was successful!" if [ -n "${JIRA_URLS}" ]; then MESSAGE_TEXT="${MESSAGE_TEXT}\nJIRA URLs in the PR:\n${JIRA_URLS}" From 9f2fa997470d823671e67fa3c114cce1718eece0 Mon Sep 17 00:00:00 2001 From: Matt Bevilacqua Date: Fri, 30 Aug 2024 12:01:26 -0400 Subject: [PATCH 18/18] Set event submitted: true when event is being submitted --- .../TrainingReportForm/__tests__/index.js | 35 +++++++++++++++++++ .../src/pages/TrainingReportForm/index.js | 5 ++- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/frontend/src/pages/TrainingReportForm/__tests__/index.js b/frontend/src/pages/TrainingReportForm/__tests__/index.js index e605551824..9060a3e65e 100644 --- a/frontend/src/pages/TrainingReportForm/__tests__/index.js +++ b/frontend/src/pages/TrainingReportForm/__tests__/index.js @@ -304,4 +304,39 @@ describe('TrainingReportForm', () => { await waitFor(() => expect(screen.getByText(/: e-1 event/i)).toBeInTheDocument()); await waitFor(() => expect(screen.getByText(/r01-pd-1234/i)).toBeInTheDocument()); }); + it('passes correct values to backend', async () => { + fetchMock.get('/api/events/id/1', completedForm); + + fetchMock.put('/api/events/id/1', {}); + fetchMock.get(sessionsUrl, [ + { id: 2, eventId: 1, data: { sessionName: 'Toothbrushing vol 2', status: 'Complete' } }, + { id: 3, eventId: 1, data: { sessionName: 'Toothbrushing vol 3', status: 'Complete' } }, + ]); + + act(() => { + renderTrainingReportForm('1'); + }); + + await waitFor(() => expect(fetchMock.called('/api/events/id/1', { method: 'GET' })).toBe(true)); + const submitButton = await screen.findByRole('button', { name: /Review and submit/i }); + act(() => { + userEvent.click(submitButton); + }); + + // Wait for the modal to display. + await waitFor(() => expect(screen.getByText(/You will not be able to make changes once you save the event./i)).toBeInTheDocument()); + + // get the button with the text "Yes, continue". + const yesContinueButton = screen.getByRole('button', { name: /Yes, continue/i }); + act(() => { + userEvent.click(yesContinueButton); + }); + + await waitFor(() => expect(fetchMock.called('/api/events/id/1', { method: 'PUT' })).toBe(true)); + + // expect the data to contain "eventSubmitted: true" + expect(fetchMock.lastOptions('/api/events/id/1').body).toContain('"eventSubmitted":true'); + + await waitFor(() => expect(screen.getByText(/There was an error saving the training report/i)).toBeInTheDocument()); + }); }); diff --git a/frontend/src/pages/TrainingReportForm/index.js b/frontend/src/pages/TrainingReportForm/index.js index f1ca705a30..2290ec93e7 100644 --- a/frontend/src/pages/TrainingReportForm/index.js +++ b/frontend/src/pages/TrainingReportForm/index.js @@ -226,7 +226,10 @@ export default function TrainingReportForm({ match }) { // PUT it to the backend const updatedEvent = await updateEvent(trainingReportId, { - data, + data: { + ...data, + eventSubmitted: true, + }, ownerId: ownerId || null, pocIds: pocIds || null, collaboratorIds,