
@ar1em
Last active May 28, 2019 07:58
yarn audit --json
{"type":"auditAdvisory","data":{"resolution":{"id":782,"path":"lodash","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.2.0","paths":["lodash"],"dev":false,"optional":false,"bundled":false}],"id":782,"created":"2019-02-13T16:16:53.770Z","updated":"2019-02-13T16:16:53.770Z","deleted":null,"title":"Prototype Pollution","found_by":{"link":"","name":"asgerf"},"reported_by":{"link":"","name":"asgerf"},"module_name":"lodash","cves":["CVE-2018-16487"],"vulnerable_versions":"<4.17.11","patched_versions":">=4.17.11","overview":"Versions of `lodash` before 4.17.5 are vulnerable to prototype pollution. \n\nThe vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.\n\n","recommendation":"Update to version 4.17.11 or later.","references":"- [HackerOne Report](https://hackerone.com/reports/380873)","access":"public","severity":"moderate","cwe":"CWE-471","metadata":{"module_type":"","exploitability":3,"affected_components":""},"url":"https://npmjs.com/advisories/782"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":577,"path":"lodash","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.2.0","paths":["lodash"],"dev":false,"optional":false,"bundled":false}],"id":577,"created":"2018-04-24T14:27:02.796Z","updated":"2018-04-24T14:27:13.049Z","deleted":null,"title":"Prototype Pollution","found_by":{"name":"Olivier Arteau (HoLyVieR)"},"reported_by":{"name":"Olivier Arteau (HoLyVieR)"},"module_name":"lodash","cves":["CVE-2018-3721"],"vulnerable_versions":"<4.17.5","patched_versions":">=4.17.5","overview":"Versions of `lodash` before 4.17.5 are vulnerable to prototype pollution. \n\nThe vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of `Object` via `__proto__` causing the addition or modification of an existing property that will exist on all objects.\n\n","recommendation":"Update to version 4.17.5 or later.","references":"- [HackerOne Report](https://hackerone.com/reports/310443)","access":"public","severity":"low","cwe":"CWE-471","metadata":{"module_type":"","exploitability":1,"affected_components":""},"url":"https://npmjs.com/advisories/577"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":566,"path":"hoek","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.16.3","paths":["hoek"],"dev":false,"optional":false,"bundled":false}],"id":566,"created":"2018-04-20T21:25:58.421Z","updated":"2019-02-14T16:00:33.922Z","deleted":null,"title":"Prototype Pollution","found_by":{"name":"HoLyVieR"},"reported_by":{"name":"HoLyVieR"},"module_name":"hoek","cves":[],"vulnerable_versions":"<= 4.2.0 || >= 5.0.0 < 5.0.3","patched_versions":"> 4.2.0 < 5.0.0 || >= 5.0.3","overview":"Versions of `hoek` prior to 4.2.1 and 5.0.3 are vulnerable to prototype pollution.\n\nThe `merge` function, and the `applyToDefaults` and `applyToDefaultsWithShallow` functions which leverage `merge` behind the scenes, are vulnerable to a prototype pollution attack when provided an _unvalidated_ payload created from a JSON string containing the `__proto__` property.\n\nThis can be demonstrated like so:\n\n```javascript\nvar Hoek = require('hoek');\nvar malicious_payload = '{\"__proto__\":{\"oops\":\"It works !\"}}';\n\nvar a = {};\nconsole.log(\"Before : \" + a.oops);\nHoek.merge({}, JSON.parse(malicious_payload));\nconsole.log(\"After : \" + a.oops);\n```\n\nThis type of attack can be used to overwrite existing properties causing a potential denial of service.","recommendation":"Update to version 4.2.1, 5.0.3 or later.","references":"","access":"public","severity":"moderate","cwe":"CWE-471","metadata":{"module_type":"","exploitability":5,"affected_components":""},"url":"https://npmjs.com/advisories/566"}}}
{"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":1,"moderate":2,"high":0,"critical":0},"dependencies":2,"devDependencies":0,"optionalDependencies":0,"totalDependencies":2}}
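The output above is NDJSON: one `auditAdvisory` object per finding and a trailing `auditSummary`. The script below is an added example, not part of the gist, showing how to turn that stream into a per-module report and a CI pass/fail decision. `SAMPLE_AUDIT` is constructed from the three advisories above with the fields trimmed to the ones the script reads; the function names and the default `moderate` gate threshold are assumptions, not anything `yarn` provides.

```javascript
// Added example (not from the gist): summarise `yarn audit --json` output and
// gate a CI job on it. SAMPLE_AUDIT is a constructed, trimmed copy of the
// three advisories shown on the page.

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

const SAMPLE_AUDIT = [
  '{"type":"auditAdvisory","data":{"resolution":{"id":782,"path":"lodash","dev":false},"advisory":{"findings":[{"version":"1.2.0","paths":["lodash"]}],"id":782,"title":"Prototype Pollution","module_name":"lodash","cves":["CVE-2018-16487"],"vulnerable_versions":"<4.17.11","patched_versions":">=4.17.11","severity":"moderate"}}}',
  '{"type":"auditAdvisory","data":{"resolution":{"id":577,"path":"lodash","dev":false},"advisory":{"findings":[{"version":"1.2.0","paths":["lodash"]}],"id":577,"title":"Prototype Pollution","module_name":"lodash","cves":["CVE-2018-3721"],"vulnerable_versions":"<4.17.5","patched_versions":">=4.17.5","severity":"low"}}}',
  '{"type":"auditAdvisory","data":{"resolution":{"id":566,"path":"hoek","dev":false},"advisory":{"findings":[{"version":"2.16.3","paths":["hoek"]}],"id":566,"title":"Prototype Pollution","module_name":"hoek","cves":[],"vulnerable_versions":"<= 4.2.0 || >= 5.0.0 < 5.0.3","patched_versions":"> 4.2.0 < 5.0.0 || >= 5.0.3","severity":"moderate"}}}',
  '{"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":1,"moderate":2,"high":0,"critical":0},"dependencies":2,"devDependencies":0,"optionalDependencies":0,"totalDependencies":2}}',
].join('\n');

// One JSON object per line. A line that does not parse (for example a record
// truncated by a pipe or a pager) is reported rather than skipped, so a
// mangled stream cannot silently hide a finding.
function parseAuditNdjson(text) {
  const advisories = [];
  const errors = [];
  let summary = null;
  text.split('\n').forEach((line, idx) => {
    const trimmed = line.trim();
    if (!trimmed) return;
    let rec;
    try {
      rec = JSON.parse(trimmed);
    } catch (e) {
      errors.push(`line ${idx + 1}: ${e.message}`);
      return;
    }
    if (rec.type === 'auditAdvisory') advisories.push(rec.data);
    else if (rec.type === 'auditSummary') summary = rec.data;
  });
  return { advisories, summary, errors };
}

// Collapse advisories per module: worst severity, every advisory id and CVE,
// the installed version(s) and the ranges that fix each advisory.
function summarise(advisories) {
  const byModule = new Map();
  for (const { resolution, advisory } of advisories) {
    const entry = byModule.get(advisory.module_name) || {
      module: advisory.module_name, dev: resolution.dev, severity: 'info',
      ids: [], cves: [], installed: [], patched: [],
    };
    if (SEVERITY_RANK[advisory.severity] > SEVERITY_RANK[entry.severity]) {
      entry.severity = advisory.severity;
    }
    entry.ids.push(advisory.id);
    entry.cves.push(...advisory.cves);
    for (const f of advisory.findings) {
      if (!entry.installed.includes(f.version)) entry.installed.push(f.version);
    }
    entry.patched.push(advisory.patched_versions);
    byModule.set(advisory.module_name, entry);
  }
  return [...byModule.values()];
}

// CI gate (assumed policy): fail when any advisory on a production dependency
// is at or above the threshold; devDependencies are ignored unless asked for.
function shouldFail(advisories, threshold = 'moderate', includeDev = false) {
  return advisories.some(({ resolution, advisory }) =>
    (includeDev || !resolution.dev) &&
    SEVERITY_RANK[advisory.severity] >= SEVERITY_RANK[threshold]);
}

function formatReport(rows) {
  return rows.map(r =>
    `${r.module}@${r.installed.join(',')}  ${r.severity.padEnd(8)}  ` +
    `advisories ${r.ids.join(',')}  ${r.cves.join(',') || 'no CVE'}  fix: ${r.patched.join(' ; ')}`
  ).join('\n');
}

const result = parseAuditNdjson(SAMPLE_AUDIT);
if (result.errors.length) console.log('unparsable lines:', result.errors);
console.log(formatReport(summarise(result.advisories)));
console.log(`gate (moderate, prod only): ${shouldFail(result.advisories) ? 'FAIL' : 'pass'}`);
```

Pipe the real output in with `yarn audit --json | node audit-gate.js` (file name assumed). Note that `yarn audit` itself already exits non-zero when it finds anything, encoding the severities found as a bitmask in the exit status, so a plain `yarn audit` in CI fails on an `info` finding; parsing the JSON is what lets you pick the threshold and exclude dev-only paths.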
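All three advisories describe the same bug class: a recursive merge that walks into `__proto__` (advisory 577 and the hoek advisory) or into `constructor.prototype` (advisory 782) and ends up writing to `Object.prototype`. The block below is an added example, not code from the gist, lodash or hoek: a deliberately naive deep merge that reproduces both payload shapes, beside one hardening approach (refuse the three dangerous keys and only descend into own properties). The hardened version is an illustration, not the patch either project shipped.

```javascript
// Added example (not from the gist, lodash or hoek): why a naive deep merge is
// vulnerable to prototype pollution, and one way to harden it.

// Payloads in the two shapes the advisories describe (constructed).
const PROTO_PAYLOAD = '{"__proto__":{"polluted":"yes"}}';                   // __proto__ form
const CTOR_PAYLOAD  = '{"constructor":{"prototype":{"polluted":"yes"}}}';   // constructor.prototype form

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}
// Treating functions as mergeable (as lodash's isObject does) is what lets the
// walk step from {}.constructor (the Object function) into its .prototype.
function isObjectLike(v) {
  return v !== null && (typeof v === 'object' || typeof v === 'function');
}

// VULNERABLE: recurses into every key. JSON.parse creates "__proto__" as an own
// property, target["__proto__"] resolves to Object.prototype through the
// accessor, and target.constructor.prototype is Object.prototype as well.
function naiveMerge(target, source) {
  for (const key in source) {
    if (isObjectLike(source[key])) {
      if (!isObjectLike(target[key])) target[key] = {};
      naiveMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// HARDENED: refuse the keys that reach Object.prototype, iterate own keys only,
// and never descend into something the target merely inherits.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) {
      throw new Error(`refusing to merge key "${key}"`);
    }
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Run one payload through a merge and report whether an unrelated, freshly
// created object now carries the injected property. The pollution is undone
// afterwards so the rest of the process is not affected.
function demo(mergeFn, payloadJson) {
  const before = ({}).polluted;
  let rejected = false;
  try {
    mergeFn({}, JSON.parse(payloadJson));
  } catch (e) {
    rejected = true;
  }
  const after = ({}).polluted;          // fresh object: the damage is global
  delete Object.prototype.polluted;
  return { before, after, rejected };
}

for (const [name, fn] of [['naiveMerge', naiveMerge], ['safeMerge', safeMerge]]) {
  for (const [label, payload] of [['__proto__', PROTO_PAYLOAD], ['constructor.prototype', CTOR_PAYLOAD]]) {
    console.log(name, label, demo(fn, payload));
  }
}
```

Blocking the keys is not optional even with the own-property check: `{}` has no own `__proto__`, so `target['__proto__'] = {}` would hit the setter and swap the target's prototype instead. Where the merge target is configuration you control, creating it with `Object.create(null)` removes the inherited accessor entirely and is a good second layer.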