vuetify-material-dashboard

High severity vulnerability in a dependency

Open realtebo opened this issue 6 years ago • 1 comments

I am trying your project for the first time today, so thanks in advance.

We run automatic tests; one of these is the standard npm audit.

This is the actual report. I know that it's not a direct dependency, so it's probably not easy to fix, but I just want to warn you. In our case we moved tar into a direct dep of our project and updated it.

npm audit

                       === npm audit security report ===


                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  High            Arbitrary File Overwrite

  Package         tar

  Patched in      >=4.4.2

  Dependency of   node-sass

  Path            node-sass > node-gyp > tar

  More info       https://nodesecurity.io/advisories/803

found 1 high severity vulnerability in 24220 scanned packages
  1 vulnerability requires manual review. See the full report for details

realtebo, Apr 26 '19 16:04

https://github.com/sass/node-sass/issues/2625

v0idpwn, May 08 '19 20:05