Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

Project: zmscalldisplay

Scan Information (show all):

Summary

Summary of Vulnerable Dependencies (click to show all)

Dependency Vulnerability IDs Package Highest Severity CVE Count Confidence Evidence Count
.eslintrc.js   0 0
@parcel/reporter-dev-server:2.16.3 pkg:npm/%40parcel%2Freporter-dev-server@2.16.3 MEDIUM 1 3
analogClock.js   0 0
bar.js   0 0
baseview.js   0 0
bindHandler.js   0 0
bluescreen.js   0 0
bootstrap.bundle.min.js   0 0
brace-expansion:1.1.11 pkg:npm/brace-expansion@1.1.11 LOW 1 3
d.js   0 0
d3.min.js   0 0
dumper.js   0 0
errorHandler.js   0 0
eslint.config.js   0 0
file.js   0 0
helpers.js   0 0
index.js   0 0
jquery.min.js   0 0
nv.d3.min.js   0 0
open-editor.js   0 0
qrCode.js   0 0
queueList.js   0 0
ringAudio.js   0 0
settings.js   0 0
table-sort.js   0 0
tabs.js   0 0
toggle.js   0 0
waitingInfo.js   0 0

Dependencies (vulnerable)

.eslintrc.js

File Path: /github/workspace/zmscalldisplay/.eslintrc.js
MD5: 34ac7e6a629e73635ce5a8d424681c5e
SHA1: 675c6ded97e465400af24964b55c49e6e25ffced
SHA256:db64794b2b095bb93a4e99206e0b1363b027dfbed1e69c76c9260b0b6a9d01a3

Identifiers

  • None

@parcel/reporter-dev-server:2.16.3

File Path: /github/workspace/zmscalldisplay/package-lock.json?@parcel/reporter-dev-server

Referenced In Project/Scope: package-lock.json: transitive

Identifiers

  • pkg:npm/%40parcel%2Freporter-dev-server@2.16.3   (Confidence:Highest)

GHSA-qm9p-f9j5-w83w (NPM)  

parcel versions 1.6.1 and above have an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them.
CWE-346 Origin Validation Error

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Unscored:
  • Severity: moderate

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:\@parcel\/reporter-dev-server:\>\=1.6.1\<\=2.16.3:*:*:*:*:*:*:*

analogClock.js

File Path: /github/workspace/zmscalldisplay/js/block/analogClock.js
MD5: 26ddbbeb426b6f8a86ac170b129e9883
SHA1: 43e687431e5ed07f3802ab315aa70c325d261290
SHA256:afccd30651f025a1e87b517c229c8333dde1dd9d8a93dd56d2b4fc93c7347253

Identifiers

  • None

bar.js

File Path: /github/workspace/zmscalldisplay/vendor/tracy/tracy/src/Tracy/Bar/assets/bar.js
MD5: 2a9b73064834f21ea5a9894c9521c38b
SHA1: f5f666c069b61694a0293cc2d2b9b1c228c9ab51
SHA256:94546cd6dce28e555f30405bce897655b4146076f76f86a0a43e6831b6ae2d45

Identifiers

  • None

baseview.js

File Path: /github/workspace/zmscalldisplay/js/lib/baseview.js
MD5: ae9f3465a3159ae3b49414175c1dcb4b
SHA1: eff586be7b51f17fb9b217af29ad609d2553e7ea
SHA256:718be5ff2c22c3ce5fb0b5f2489b2ffdb9cbd57c5d7e15b88269b0e64deeffa2

Identifiers

  • None

bindHandler.js

File Path: /github/workspace/zmscalldisplay/js/lib/bindHandler.js
MD5: 02da9fbcce9021bb27d94cbc5d1c3e7b
SHA1: 9b8083272a4b682498f5e5e396fef74f35073e7e
SHA256:cb011db8f35a155950539f68dca786e81dac335911bfa9182404e5ef5da5c0c3

Identifiers

  • None

bluescreen.js

File Path: /github/workspace/zmscalldisplay/vendor/tracy/tracy/src/Tracy/BlueScreen/assets/bluescreen.js
MD5: 0f129e65454877880fc2954c4a461f57
SHA1: 56da74e26355080009a5545acaf8e93b37b3ecfb
SHA256:087de1ff1cbedf322cc38208f21ee48a4213018b49b25adc788d15ffe0cb0b10

Identifiers

  • None

bootstrap.bundle.min.js

File Path: /github/workspace/zmscalldisplay/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/bootstrap.bundle.min.js
MD5: 43629cbd1e4634150e99b74d2c35a725
SHA1: c7827462c3ce7eacd5d4fbc975f6fd572b047778
SHA256:cb789b7cec81aa580177e1b3c0561011539974d243d3a1de0d78a1a278015cab

Identifiers

  • None

brace-expansion:1.1.11

File Path: /github/workspace/zmscalldisplay/package-lock.json?brace-expansion

Referenced In Project/Scope: package-lock.json: transitive

Identifiers

  • pkg:npm/brace-expansion@1.1.11   (Confidence:Highest)

GHSA-v6h2-p8h4-qcjw (NPM)  

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 is able to address this issue. The name of the patch is `a5b98a4f30d7813266b221435e1eaaf25a1b0ac5`. It is recommended to upgrade the affected component.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: LOW (3.0999999046325684)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Unscored:
  • Severity: low

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:brace-expansion:\>\=1.0.0\<\=1.1.11:*:*:*:*:*:*:*

d.js

File Path: /github/workspace/zmscalldisplay/vendor/aronduby/dump/src/D/resources/d.js
MD5: 30b19c3d953860cf9b890550ad398793
SHA1: 5a5b9c9d5d19497711bf1ea6ce381a632b917f6d
SHA256:92988e463e37017bc3528f002a7be97809dcdc3fece18e1635b1f41f7178f278

Identifiers

  • None

d3.min.js

File Path: /github/workspace/zmscalldisplay/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/d3.min.js
MD5: 5bc245068b1b70d4c3eaef79045023e4
SHA1: 4cb68b0a6a11e6d7cf8f3712ab65a783fb49ea6c
SHA256:76c39718d1c0a3fb321676b3b7e29306c0907919a5716d5728bd1b08ae0169e7

Identifiers

  • None

dumper.js

File Path: /github/workspace/zmscalldisplay/vendor/tracy/tracy/src/Tracy/Dumper/assets/dumper.js
MD5: a1a10099927de11cddeac3f5e6f06496
SHA1: 8ece5f95fd921ff4774b7d879c2bf2fbfc4be8f5
SHA256:e76c473df57087ed36916bd6316bcb334e0f47ce9fdaefe433302c170d228f98

Identifiers

  • None

errorHandler.js

File Path: /github/workspace/zmscalldisplay/js/lib/errorHandler.js
MD5: 75c1bf6b72baeb97109b97d8978af636
SHA1: 128ec296b4cc81c13f09821ebe6e7c69a53b449a
SHA256:42cb23580077b2e0af303218e1453583cf0ce22391c18512f3b71b5f233d2615

Identifiers

  • None

eslint.config.js

File Path: /github/workspace/zmscalldisplay/vendor/tracy/tracy/eslint.config.js
MD5: 59b634b302dcd0b63ba01abbce9b95cc
SHA1: f0e34727345c321c9360d3c01ae24179d5a6cccf
SHA256:c1f89b20da818738089c388a7bb7633d6ec61204471311852bc3ef475529067d

Identifiers

  • None

file.js

File Path: /github/workspace/zmscalldisplay/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/file.js
MD5: 3ffd21f16409adb49997d108bdf7a05a
SHA1: f8be112d2b017baa111e385886e3cd6d447e7f33
SHA256:2741fcd58f71ff97eefc006b8d74154da084723753b5d6947fd53d9543317316

Identifiers

  • None

helpers.js

File Path: /github/workspace/zmscalldisplay/vendor/tracy/tracy/src/Tracy/assets/helpers.js
MD5: 22291596fcf46576fbf952f4ff6ec362
SHA1: 6e3f850f5951b252173cf4c0f41ad2e32ed11939
SHA256:db550de99ec013d1c08805a2d76c4c5d982e96ad84f07e4363296673df53e5a5

Identifiers

  • None

index.js

File Path: /github/workspace/zmscalldisplay/js/index.js
MD5: 070a412d384afc51264a892a932b69b5
SHA1: a8a897d6dd7b97603db9b49bdab6b8e98136431d
SHA256:6405f00128ea66ba70d2cde7b08dff83ee396a29db50ccd7e5e8bbdcc57e09fb

Identifiers

  • None

jquery.min.js

File Path: /github/workspace/zmscalldisplay/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/jquery.min.js
MD5: c9771cc3e90e18f5336eedbd0fffb2cf
SHA1: 6ee8aaa3ac1f4e0ae18717a3fd26892e9f0e4cc5
SHA256:3e7501d15c3630e791c8b20392eb9dee31a9f65ce3efdde76cef5c710141ab24

Identifiers

  • None

nv.d3.min.js

File Path: /github/workspace/zmscalldisplay/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/nv.d3.min.js
MD5: faf359a29dd581bd8f288f15ea24d063
SHA1: 25249613b132ff52b704f6f52bc52a1b06bfa64a
SHA256:0ec70f7ac9519d96d4a814bccfa73f574a3b3a8c2646eeaa449ccea68033fe7c

Identifiers

  • None

open-editor.js

File Path: /github/workspace/zmscalldisplay/vendor/tracy/tracy/tools/open-in-editor/windows/open-editor.js
MD5: 768504f6a16bcbb92e4f934bc748cd5f
SHA1: 180f2fc5828e209334d531b5690f2688db5fb313
SHA256:071c893fa96c1940161258784d571fe8ec6aa10b93365c8993b001f25badd33d

Identifiers

  • None

qrCode.js

File Path: /github/workspace/zmscalldisplay/js/block/qrCode.js
MD5: 04081130e12a2d3686535b697a93c4b0
SHA1: 3ef7d1e71f988ba3378e4ca764e1ea2c93f92b78
SHA256:0f0cd8ea0f6d5b3fbe53861caa9faddc6804f31ecb94758beadeec365e78f5ab

Identifiers

  • None

queueList.js

File Path: /github/workspace/zmscalldisplay/js/block/queueList.js
MD5: 54f53f0f4f25138f9620e07c20180aa1
SHA1: 2006fb81b0f540a5ffdb73ef17cf84d37fa72177
SHA256:f093bb18f3eb158d41ee1fdd22fe294884fd8bf6b1d633752838ae0b9a3647be

Identifiers

  • None

ringAudio.js

File Path: /github/workspace/zmscalldisplay/js/block/ringAudio.js
MD5: fb0a63c699694de7821766e02b88f439
SHA1: 61960b5d03d351807ba167f0651e66a1611b9cbe
SHA256:e935d44f350815dd0fd8bc8214f9019ae3a901668896acc7f531403a85c510d3

Identifiers

  • None

settings.js

File Path: /github/workspace/zmscalldisplay/js/settings.js
MD5: a2320a1c7ba36dda616ba51899786779
SHA1: 7a20398172cf97005288bdc953b5c525b770d65d
SHA256:34c803053f0ae2ecb4cd054050661cae77f44120f26efb31253ed6602aee21b6

Identifiers

  • None

table-sort.js

File Path: /github/workspace/zmscalldisplay/vendor/tracy/tracy/src/Tracy/assets/table-sort.js
MD5: 94691a23df5fdd9b04e802f126746bde
SHA1: f366cdbc896cba74b2802b489b37c02afd37ad83
SHA256:9457c18c3f34de45becb447759878bd8e49d1a30cca387aaf5dec1c895e9c8a7

Identifiers

  • None

tabs.js

File Path: /github/workspace/zmscalldisplay/vendor/tracy/tracy/src/Tracy/assets/tabs.js
MD5: 24eb02e61eb1830764a78d9d4b00d046
SHA1: 72b3152b2c012508a6064f3998e33856a0ef2d67
SHA256:ea38495a19f612057902d786212f3b942123ecf518419e7ce728fc4b943f6ddb

Identifiers

  • None

toggle.js

File Path: /github/workspace/zmscalldisplay/vendor/tracy/tracy/src/Tracy/assets/toggle.js
MD5: 2ea8d7fad6192690d2dcf46c2698994e
SHA1: 000c31d840283b2456f95408e5d37f98ff9d45a0
SHA256:527868421055fe097163e604bf5dafc1127fffe1540c972126f803fd31c1ecad

Identifiers

  • None

waitingInfo.js

File Path: /github/workspace/zmscalldisplay/js/block/waitingInfo.js
MD5: 932b68530f60819e130b8cdaea42192e
SHA1: 436c524f98fc4e36bc5e0f7d266f45f9500543ae
SHA256:a9b09467f730a5cfa3c18b55f3f65b1d4d4ca7f892737f6d04e6722d31249e9b

Identifiers

  • None


This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.