SQ31104
Detected presence of critical severity vulnerabilities.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
 | fail | high | high | 5 | vulnerabilities: fail Reason: critical severity vulnerabilities |
About the issueโ
Software composition analysis has identified a component with one or more known vulnerabilities. Based on the CVSS scoring, these vulnerabilities have been marked as critical severity.
How to resolve the issueโ
- Perform impact analysis for the reported CVEs.
- We strongly advise updating the component to the latest version.
- If the update can't resolve the issue, create a plan to isolate or replace the affected component.
Incidence statisticsโ
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes.
For every repository, the chart shows the percentage of projects that triggered the software assurance policy. In other words, it shows how many projects were found to have the specific issue described on this page.
The percentages are calculated from the total amount of packages analyzed:
- RubyGems: 174K
- Nuget: 189K
- PyPi: 403K
- NPM: 2.1M
Recommended readingโ
- Understanding vulnerabilities (External resource - National Cyber Security Centre)
- Vulnerability Severity Levels (External resource - Invicti)