Update ranges

Author: eoftedal

repository/jsrepository-master.json

@@ -4874,10 +4874,7 @@
     "vulnerabilities": [
       {
         "ranges": [
-          {
-            "atOrAbove": "0",
-            "below": "1.12.0"
-          }
+          {"atOrAbove":"1.0.0","below":"1.12.0"}
         ],
         "summary": "## Summary\n\nWhen Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response.\nThis path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`.",
         "identifiers": {
@@ -6402,9 +6399,7 @@
     "vulnerabilities": [
       {
         "ranges": [
-          {
-            "below": "4.17.11"
-          }
+          {"atOrAbove":"4.7.0","below":"4.17.11"}
         ],
         "summary": "Regular Expression Denial of Service (ReDoS) in lodash",
         "cwe": ["CWE-400"],
@@ -6559,9 +6554,7 @@
       },
       {
         "ranges": [
-          {
-            "below": "4.17.21"
-          }
+          {"atOrAbove":"4.0.0","below":"4.17.21"}
         ],
         "summary": "Regular Expression Denial of Service (ReDoS) in lodash",
         "cwe": ["CWE-1333", "CWE-400"],

repository/jsrepository-v2.json

@@ -6477,7 +6477,7 @@
         ]
       },
       {
-        "atOrAbove": "0",
+        "atOrAbove": "1.0.0",
         "below": "1.12.0",
         "severity": "high",
         "cwe": [
@@ -8189,6 +8189,7 @@
         ]
       },
       {
+        "atOrAbove": "4.7.0",
         "below": "4.17.11",
         "cwe": [
           "CWE-400"
@@ -8270,68 +8271,69 @@
       {
         "below": "4.17.21",
         "cwe": [
-          "CWE-1333",
-          "CWE-400"
+          "CWE-77",
+          "CWE-94"
         ],
-        "severity": "medium",
+        "severity": "high",
         "identifiers": {
-          "summary": "Regular Expression Denial of Service (ReDoS) in lodash",
+          "summary": "Command Injection in lodash",
           "CVE": [
-            "CVE-2020-28500"
+            "CVE-2021-23337"
           ],
-          "githubID": "GHSA-29mw-wpgm-hmr9"
+          "githubID": "GHSA-35jh-r3h4-6jhm"
         },
         "info": [
-          "https://github.com/advisories/GHSA-29mw-wpgm-hmr9",
-          "https://nvd.nist.gov/vuln/detail/CVE-2020-28500",
-          "https://github.com/lodash/lodash/pull/5065",
-          "https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7",
-          "https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a",
+          "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
+          "https://nvd.nist.gov/vuln/detail/CVE-2021-23337",
+          "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c",
           "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
           "https://github.com/lodash/lodash",
-          "https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8",
+          "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851",
+          "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851",
           "https://security.netapp.com/advisory/ntap-20210312-0006/",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893",
-          "https://snyk.io/vuln/SNYK-JS-LODASH-1018905",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929",
+          "https://snyk.io/vuln/SNYK-JS-LODASH-1040724",
           "https://www.oracle.com//security-alerts/cpujul2021.html",
           "https://www.oracle.com/security-alerts/cpujan2022.html",
           "https://www.oracle.com/security-alerts/cpujul2022.html",
           "https://www.oracle.com/security-alerts/cpuoct2021.html"
         ]
       },
       {
+        "atOrAbove": "4.0.0",
         "below": "4.17.21",
         "cwe": [
-          "CWE-77",
-          "CWE-94"
+          "CWE-1333",
+          "CWE-400"
         ],
-        "severity": "high",
+        "severity": "medium",
         "identifiers": {
-          "summary": "Command Injection in lodash",
+          "summary": "Regular Expression Denial of Service (ReDoS) in lodash",
           "CVE": [
-            "CVE-2021-23337"
+            "CVE-2020-28500"
           ],
-          "githubID": "GHSA-35jh-r3h4-6jhm"
+          "githubID": "GHSA-29mw-wpgm-hmr9"
         },
         "info": [
-          "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
-          "https://nvd.nist.gov/vuln/detail/CVE-2021-23337",
-          "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c",
+          "https://github.com/advisories/GHSA-29mw-wpgm-hmr9",
+          "https://nvd.nist.gov/vuln/detail/CVE-2020-28500",
+          "https://github.com/lodash/lodash/pull/5065",
+          "https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7",
+          "https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a",
           "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
           "https://github.com/lodash/lodash",
-          "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851",
-          "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851",
+          "https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8",
           "https://security.netapp.com/advisory/ntap-20210312-0006/",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929",
-          "https://snyk.io/vuln/SNYK-JS-LODASH-1040724",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893",
+          "https://snyk.io/vuln/SNYK-JS-LODASH-1018905",
           "https://www.oracle.com//security-alerts/cpujul2021.html",
           "https://www.oracle.com/security-alerts/cpujan2022.html",
           "https://www.oracle.com/security-alerts/cpujul2022.html",

repository/jsrepository-v3.json

@@ -6623,7 +6623,7 @@
           ]
         },
         {
-          "atOrAbove": "0",
+          "atOrAbove": "1.0.0",
           "below": "1.12.0",
           "severity": "high",
           "cwe": [
@@ -8375,6 +8375,7 @@
           ]
         },
         {
+          "atOrAbove": "4.7.0",
           "below": "4.17.11",
           "cwe": [
             "CWE-400"
@@ -8456,68 +8457,69 @@
         {
           "below": "4.17.21",
           "cwe": [
-            "CWE-1333",
-            "CWE-400"
+            "CWE-77",
+            "CWE-94"
           ],
-          "severity": "medium",
+          "severity": "high",
           "identifiers": {
-            "summary": "Regular Expression Denial of Service (ReDoS) in lodash",
+            "summary": "Command Injection in lodash",
             "CVE": [
-              "CVE-2020-28500"
+              "CVE-2021-23337"
             ],
-            "githubID": "GHSA-29mw-wpgm-hmr9"
+            "githubID": "GHSA-35jh-r3h4-6jhm"
           },
           "info": [
-            "https://github.com/advisories/GHSA-29mw-wpgm-hmr9",
-            "https://nvd.nist.gov/vuln/detail/CVE-2020-28500",
-            "https://github.com/lodash/lodash/pull/5065",
-            "https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7",
-            "https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a",
+            "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
+            "https://nvd.nist.gov/vuln/detail/CVE-2021-23337",
+            "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c",
             "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
             "https://github.com/lodash/lodash",
-            "https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8",
+            "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851",
+            "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851",
             "https://security.netapp.com/advisory/ntap-20210312-0006/",
-            "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896",
-            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894",
-            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892",
-            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895",
-            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893",
-            "https://snyk.io/vuln/SNYK-JS-LODASH-1018905",
+            "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932",
+            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930",
+            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928",
+            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931",
+            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929",
+            "https://snyk.io/vuln/SNYK-JS-LODASH-1040724",
             "https://www.oracle.com//security-alerts/cpujul2021.html",
             "https://www.oracle.com/security-alerts/cpujan2022.html",
             "https://www.oracle.com/security-alerts/cpujul2022.html",
             "https://www.oracle.com/security-alerts/cpuoct2021.html"
           ]
         },
         {
+          "atOrAbove": "4.0.0",
           "below": "4.17.21",
           "cwe": [
-            "CWE-77",
-            "CWE-94"
+            "CWE-1333",
+            "CWE-400"
           ],
-          "severity": "high",
+          "severity": "medium",
           "identifiers": {
-            "summary": "Command Injection in lodash",
+            "summary": "Regular Expression Denial of Service (ReDoS) in lodash",
             "CVE": [
-              "CVE-2021-23337"
+              "CVE-2020-28500"
             ],
-            "githubID": "GHSA-35jh-r3h4-6jhm"
+            "githubID": "GHSA-29mw-wpgm-hmr9"
           },
           "info": [
-            "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
-            "https://nvd.nist.gov/vuln/detail/CVE-2021-23337",
-            "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c",
+            "https://github.com/advisories/GHSA-29mw-wpgm-hmr9",
+            "https://nvd.nist.gov/vuln/detail/CVE-2020-28500",
+            "https://github.com/lodash/lodash/pull/5065",
+            "https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7",
+            "https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a",
             "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
             "https://github.com/lodash/lodash",
-            "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851",
-            "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851",
+            "https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8",
             "https://security.netapp.com/advisory/ntap-20210312-0006/",
-            "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932",
-            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930",
-            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928",
-            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931",
-            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929",
-            "https://snyk.io/vuln/SNYK-JS-LODASH-1040724",
+            "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896",
+            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894",
+            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892",
+            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895",
+            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893",
+            "https://snyk.io/vuln/SNYK-JS-LODASH-1018905",
             "https://www.oracle.com//security-alerts/cpujul2021.html",
             "https://www.oracle.com/security-alerts/cpujan2022.html",
             "https://www.oracle.com/security-alerts/cpujul2022.html",

repository/jsrepository-v4.json

@@ -6622,7 +6622,7 @@
         ]
       },
       {
-        "atOrAbove": "0",
+        "atOrAbove": "1.0.0",
         "below": "1.12.0",
         "severity": "high",
         "cwe": [
@@ -8374,6 +8374,7 @@
         ]
       },
       {
+        "atOrAbove": "4.7.0",
         "below": "4.17.11",
         "cwe": [
           "CWE-400"
@@ -8455,68 +8456,69 @@
       {
         "below": "4.17.21",
         "cwe": [
-          "CWE-1333",
-          "CWE-400"
+          "CWE-77",
+          "CWE-94"
         ],
-        "severity": "medium",
+        "severity": "high",
         "identifiers": {
-          "summary": "Regular Expression Denial of Service (ReDoS) in lodash",
+          "summary": "Command Injection in lodash",
           "CVE": [
-            "CVE-2020-28500"
+            "CVE-2021-23337"
           ],
-          "githubID": "GHSA-29mw-wpgm-hmr9"
+          "githubID": "GHSA-35jh-r3h4-6jhm"
         },
         "info": [
-          "https://github.com/advisories/GHSA-29mw-wpgm-hmr9",
-          "https://nvd.nist.gov/vuln/detail/CVE-2020-28500",
-          "https://github.com/lodash/lodash/pull/5065",
-          "https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7",
-          "https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a",
+          "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
+          "https://nvd.nist.gov/vuln/detail/CVE-2021-23337",
+          "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c",
           "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
           "https://github.com/lodash/lodash",
-          "https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8",
+          "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851",
+          "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851",
           "https://security.netapp.com/advisory/ntap-20210312-0006/",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893",
-          "https://snyk.io/vuln/SNYK-JS-LODASH-1018905",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929",
+          "https://snyk.io/vuln/SNYK-JS-LODASH-1040724",
           "https://www.oracle.com//security-alerts/cpujul2021.html",
           "https://www.oracle.com/security-alerts/cpujan2022.html",
           "https://www.oracle.com/security-alerts/cpujul2022.html",
           "https://www.oracle.com/security-alerts/cpuoct2021.html"
         ]
       },
       {
+        "atOrAbove": "4.0.0",
         "below": "4.17.21",
         "cwe": [
-          "CWE-77",
-          "CWE-94"
+          "CWE-1333",
+          "CWE-400"
         ],
-        "severity": "high",
+        "severity": "medium",
         "identifiers": {
-          "summary": "Command Injection in lodash",
+          "summary": "Regular Expression Denial of Service (ReDoS) in lodash",
           "CVE": [
-            "CVE-2021-23337"
+            "CVE-2020-28500"
           ],
-          "githubID": "GHSA-35jh-r3h4-6jhm"
+          "githubID": "GHSA-29mw-wpgm-hmr9"
         },
         "info": [
-          "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
-          "https://nvd.nist.gov/vuln/detail/CVE-2021-23337",
-          "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c",
+          "https://github.com/advisories/GHSA-29mw-wpgm-hmr9",
+          "https://nvd.nist.gov/vuln/detail/CVE-2020-28500",
+          "https://github.com/lodash/lodash/pull/5065",
+          "https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7",
+          "https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a",
           "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
           "https://github.com/lodash/lodash",
-          "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851",
-          "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851",
+          "https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8",
           "https://security.netapp.com/advisory/ntap-20210312-0006/",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931",
-          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929",
-          "https://snyk.io/vuln/SNYK-JS-LODASH-1040724",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895",
+          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893",
+          "https://snyk.io/vuln/SNYK-JS-LODASH-1018905",
           "https://www.oracle.com//security-alerts/cpujul2021.html",
           "https://www.oracle.com/security-alerts/cpujan2022.html",
           "https://www.oracle.com/security-alerts/cpujul2022.html",