yarn-audit-known-issues

{"actions":[],"advisories":{"1097650":{"findings":[{"version":"3.4.2","paths":["@hmcts/properties-volume>@azure/identity"]}],"metadata":null,"vulnerable_versions":"<4.2.1","module_name":"@azure/identity","severity":"moderate","github_advisory_id":"GHSA-m5vv-6r4h-3vj9","cves":["CVE-2024-35255"],"access":"public","patched_versions":">=4.2.1","cvss":{"score":5.5,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},"updated":"2024-06-19T17:43:19.000Z","recommendation":"Upgrade to version 4.2.1 or later","cwe":["CWE-362"],"found_by":null,"deleted":null,"id":1097650,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-35255\n- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255\n- https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499\n- https://github.com/Azure/azure-sdk-for-js/commit/c6aa75d312ae463e744163cedfd8fc480cc8d492\n- https://github.com/Azure/azure-sdk-for-python/commit/cb065acd7d0f957327dc4f02d1646d4e51a94178\n- https://github.com/Azure/azure-sdk-for-java/commit/5bf020d6ea056de40e2738e3647a4e06f902c18d\n- https://github.com/Azure/azure-sdk-for-net/commit/9279a4f38bf69b457cfb9b354f210e0a540a5c53\n- https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340\n- https://github.com/advisories/GHSA-m5vv-6r4h-3vj9","created":"2024-06-11T18:30:50.000Z","reported_by":null,"title":"Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability","npm_advisory_id":null,"overview":"Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.","url":"https://github.com/advisories/GHSA-m5vv-6r4h-3vj9"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":0,"moderate":1,"high":0,"critical":0},"dependencies":532,"devDependencies":0,"optionalDependencies":0,"totalDependencies":532}}