Version Details and Security Vulnerabilities

📦

@rushstack/heft-config-file

0.15.0

Comparision Betweeen 0.15.0 and 0.14.25

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

Unpacked Size

124.63 KB

105.03 KB

Security Vulnerabilities

This site is an independent open-source project and is not affiliated with, endorsed by, or sponsored by npm, Inc. or GitHub, Inc. The name “npm” is a registered trademark of npm, Inc., used here solely to describe compatibility and reference publicly available npm package data.

Version Details and Security Vulnerabilities

📦

@rushstack/heft-config-file

0.15.0

Comparision Betweeen 0.15.0 and 0.14.25

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

Unpacked Size

124.63 KB

105.03 KB

Security Vulnerabilities

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 0.15.0 of the package @rushstack/heft-config-file.

All Security Vulnerabilities

All the vulnerabilities related to the version 0.15.0 of the package

Summary:

JSONPath Plus Remote Code Execution (RCE) Vulnerability

Details:

Versions of the package jsonpath-plus before 10.0.7 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node.

Note:

There were several attempts to fix it in versions 10.0.0-10.1.0 but it could still be exploited using different payloads

Details about jsonpath-plus@4.0.0

Summary:

JSONPath Plus allows Remote Code Execution

Details:

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode.

Note:

This is caused by an incomplete fix for CVE-2024-21534.

Details about jsonpath-plus@4.0.0

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 0.15.0 of the package @rushstack/heft-config-file.

All Security Vulnerabilities

All the vulnerabilities related to the version 0.15.0 of the package

Summary:

JSONPath Plus Remote Code Execution (RCE) Vulnerability

Details:

Note:

There were several attempts to fix it in versions 10.0.0-10.1.0 but it could still be exploited using different payloads

Details about jsonpath-plus@4.0.0

Summary:

JSONPath Plus allows Remote Code Execution

Details:

Note:

This is caused by an incomplete fix for CVE-2024-21534.

Details about jsonpath-plus@4.0.0

Version Details and Security Vulnerabilities

@rushstack/heft-config-file

Comparision Betweeen 0.15.0 and 0.14.25

Security Vulnerabilities

Version Details and Security Vulnerabilities

@rushstack/heft-config-file

Comparision Betweeen 0.15.0 and 0.14.25

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Version Details and Security Vulnerabilities

@rushstack/heft-config-file

Comparision Betweeen 0.15.0 and 0.14.25

Security Vulnerabilities

Version Details and Security Vulnerabilities

@rushstack/heft-config-file

Comparision Betweeen 0.15.0 and 0.14.25

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

jsonpath-plus@4.0.0 GHSA-pppg-cpfq-h7wr 9.3

jsonpath-plus@4.0.0 GHSA-hw8r-x6gr-5gjp 8.9

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

jsonpath-plus@4.0.0 GHSA-pppg-cpfq-h7wr 9.3

jsonpath-plus@4.0.0 GHSA-hw8r-x6gr-5gjp 8.9