
Getting an image vulnerability error for Node.js for path-parse in the Docker image scan post build.

node version: 12.16.1 Image: alpine3:3.10.2

Error from the vulnerability image scan:

Fix Status fixed in: 1.0.7

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

I tried the below commands to fix the issue.

RUN npm install path-parse@1.0.7 \
    && yarn add path-parse \

and

RUN npm install --save path-parse \

But after the code change (both commands were tried) and a docker build, the scan still shows the same result.

Please let me know if there are any pointers for this issue.

ref: https://www.npmjs.com/package/path-parse

Thanks in Advance.

  • Which Node package manager are you actually using? Which version is in the corresponding lock file? Can you provide your complete Docker setup? – David Maze Aug 13 '21 at 10:41

1 Answer


I am also facing the same issue. The Node version I use is 14.17.3, npm v6.14.13.

package-lock.json has the right version of path-parse (1.0.7).

I tried pinning path-parse in the resolutions section in the package.json file. The same issue was seen.