Version Details and Security Vulnerabilities

📦

static-site

1.3.5

Comparision Betweeen 1.3.5 and 1.3.4

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

Unpacked Size

49.07 KB

49.28 KB

Security Vulnerabilities

This site is an independent open-source project and is not affiliated with, endorsed by, or sponsored by npm, Inc. or GitHub, Inc. The name “npm” is a registered trademark of npm, Inc., used here solely to describe compatibility and reference publicly available npm package data.

Version Details and Security Vulnerabilities

📦

static-site

1.3.5

Comparision Betweeen 1.3.5 and 1.3.4

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

Unpacked Size

49.07 KB

49.28 KB

Security Vulnerabilities

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 1.3.5 of the package static-site.

All Security Vulnerabilities

All the vulnerabilities related to the version 1.3.5 of the package

Summary:

Uncontrolled Resource Consumption in markdown-it

Details:

Impact

Special patterns with length > 50K chars can slow down parser significantly.

const md = require('markdown-it')();

md.render(`x ${' '.repeat(150000)} x  \nx`);

Patches

Upgrade to v12.3.2+

Workarounds

No.

References

Fix + test sample: https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101

Details about markdown-it@7.0.1

Summary:

Regular Expression Denial of Service in markdown

Details:

All versions of markdown are vulnerable to Regular Expression Denial of Service (ReDoS). The markdown.toHTML() function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the parser accepts user input.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Details about markdown@0.5.0

Summary:

Arbitrary local file read vulnerability during template rendering

Details:

Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags.

Details about swig-templates@2.0.3

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 1.3.5 of the package static-site.

All Security Vulnerabilities

All the vulnerabilities related to the version 1.3.5 of the package

Summary:

Uncontrolled Resource Consumption in markdown-it

Details:

Impact

Special patterns with length > 50K chars can slow down parser significantly.

const md = require('markdown-it')();

md.render(`x ${' '.repeat(150000)} x  \nx`);

Patches

Upgrade to v12.3.2+

Workarounds

No.

References

Fix + test sample: https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101

Details about markdown-it@7.0.1

Summary:

Regular Expression Denial of Service in markdown

Details:

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Details about markdown@0.5.0

Summary:

Arbitrary local file read vulnerability during template rendering

Details:

Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags.

Details about swig-templates@2.0.3

Version Details and Security Vulnerabilities

static-site

Comparision Betweeen 1.3.5 and 1.3.4

Security Vulnerabilities

Version Details and Security Vulnerabilities

static-site

Comparision Betweeen 1.3.5 and 1.3.4

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Impact

Patches

Workarounds

References

Recommendation

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Impact

Patches

Workarounds

References

Recommendation

Version Details and Security Vulnerabilities

static-site

Comparision Betweeen 1.3.5 and 1.3.4

Security Vulnerabilities

Version Details and Security Vulnerabilities

static-site

Comparision Betweeen 1.3.5 and 1.3.4

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

markdown-it@7.0.1 GHSA-6vfc-qv3f-vr6c 5.3

Impact

Patches

Workarounds

References

markdown@0.5.0 GHSA-wx77-rp39-c6vg N/A

Recommendation

swig-templates@2.0.3 GHSA-2rq5-699j-x7p6 7.5

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

markdown-it@7.0.1 GHSA-6vfc-qv3f-vr6c 5.3

Impact

Patches

Workarounds

References

markdown@0.5.0 GHSA-wx77-rp39-c6vg N/A

Recommendation

swig-templates@2.0.3 GHSA-2rq5-699j-x7p6 7.5