Run command: npm audit .
Severity | Vulnerability Description | Package | Vulnerable Versions | Patched Versions | Paths | More Info |
---|---|---|---|---|---|---|
critical | protobufjs Prototype Pollution vulnerability | protobufjs | >=6.10.0 <6.11.4 | >=6.11.4 | .>@rango-dev/widget-embedded>@rango-dev/provider-all>@rango-dev/provider-cosmostation>@rango-dev/signer-cosmos>@keplr-wallet/cosmos>@keplr-wallet/types>@cosmjs/proto-signing>protobufjs | GHSA-h755-8qp9-cq85 |
critical | protobufjs Prototype Pollution vulnerability | protobufjs | >=6.10.0 <6.11.4 | >=6.11.4 | .>@rango-dev/widget-embedded>@rango-dev/provider-all>@rango-dev/provider-cosmostation>@rango-dev/signer-cosmos>@keplr-wallet/cosmos>@keplr-wallet/types>secretjs>protobufjs | GHSA-h755-8qp9-cq85 |
high | ws affected by a DoS when handling a request with many HTTP headers | ws | >=8.0.0 <8.17.1 | >=8.17.1 | .>@rango-dev/widget-embedded>@rango-dev/provider-all>@rango-dev/provider-safe>@safe-global/safe-apps-provider>@safe-global/safe-apps-sdk>viem>ws | GHSA-3h5v-q93c-6h6q |
high | axios Inefficient Regular Expression Complexity vulnerability | axios | <0.21.2 | >=0.21.2 | .>@rango-dev/widget-embedded>@rango-dev/provider-all>@rango-dev/provider-cosmostation>@rango-dev/signer-cosmos>@keplr-wallet/cosmos>@keplr-wallet/types>secretjs>axios | GHSA-cph5-m8f7-6c5x |
high | axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL | axios | <0.30.0 | >=0.30.0 | .>@rango-dev/widget-embedded>@rango-dev/provider-all>@rango-dev/provider-cosmostation>@rango-dev/signer-cosmos>@cosmjs/launchpad>axios | GHSA-jr5f-v2jv-69x6 |
high | axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL | axios | <0.30.0 | >=0.30.0 | .>@rango-dev/widget-embedded>@rango-dev/provider-all>@rango-dev/provider-cosmostation>@rango-dev/signer-cosmos>@keplr-wallet/cosmos>@keplr-wallet/types>secretjs>axios | GHSA-jr5f-v2jv-69x6 |
high | axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL | axios | >=1.0.0 <1.8.2 | >=1.8.2 | .>@rango-dev/widget-embedded>@rango-dev/provider-all>@rango-dev/provider-ledger>@ledgerhq/hw-app-eth>axios | GHSA-jr5f-v2jv-69x6 |
moderate | Axios Cross-Site Request Forgery Vulnerability | axios | >=0.8.1 <0.28.0 | >=0.28.0 | .>@rango-dev/widget-embedded>@rango-dev/provider-all>@rango-dev/provider-cosmostation>@rango-dev/signer-cosmos>@cosmjs/launchpad>axios | GHSA-wf5p-g6vw-rhxx |
moderate | Axios Cross-Site Request Forgery Vulnerability | axios | >=0.8.1 <0.28.0 | >=0.28.0 | .>@rango-dev/widget-embedded>@rango-dev/provider-all>@rango-dev/provider-cosmostation>@rango-dev/signer-cosmos>@keplr-wallet/cosmos>@keplr-wallet/types>secretjs>axios | GHSA-wf5p-g6vw-rhxx |
9 vulnerabilities found
Severity: 2 moderate | 5 high | 2 critical