
http-server stable version

Open Prudhvicharan opened this issue 3 years ago • 4 comments

Hi, we are using version 0.12.3 of http-server. As a dependent package, version 1.5.1 of the opener package has been installed.

This version of opener has 4 High vulnerabilities (CVE-2021-27478, CVE-2021-27482, CVE-2021-27498, CVE-2021-27500), with a score of 7.5 for each of the respective IDs. Is there a way to fix those vulnerabilities? If so, can you please let us know how?

Environment Versions

  1. http-server version: 0.12.3

Prudhvicharan avatar Oct 03 '22 11:10 Prudhvicharan

I think this project needs a package overhaul - some of the dependencies are no longer actively maintained, union is a big one - I had to replicate some of its code previously for another fix.

I'll do an assessment and see if there are suitable alternatives to revive this.

chris--jones avatar Oct 08 '22 05:10 chris--jones

I had a closer look and your vulnerabilities are for a completely different package: https://github.com/EIPStackGroup/OpENer rather than https://github.com/domenic/opener

There are 3 moderate security issues, but these are tied to other packages (tap & request):

┌─────────────────────┬───────────────────────────────────────────────────┐
│ moderate            │ Denial of Service in mem                          │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Package             │ mem                                               │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Vulnerable versions │ <4.0.0                                            │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Patched versions    │ >=4.0.0                                           │
├─────────────────────┼───────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-4xcv-9jjx-gfj3 │
└─────────────────────┴───────────────────────────────────────────────────┘
┌─────────────────────┬───────────────────────────────────────────────────┐
│ moderate            │ yargs-parser Vulnerable to Prototype Pollution    │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Package             │ yargs-parser                                      │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Vulnerable versions │ >=6.0.0 <13.1.2                                   │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Patched versions    │ >=13.1.2                                          │
├─────────────────────┼───────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-p9pc-299p-vxgp │
└─────────────────────┴───────────────────────────────────────────────────┘
┌─────────────────────┬───────────────────────────────────────────────────┐
│ moderate            │ Prototype Pollution in Ajv                        │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Package             │ ajv                                               │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Vulnerable versions │ <6.12.3                                           │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Patched versions    │ >=6.12.3                                          │
├─────────────────────┼───────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-v88g-cgmw-v5xw │
└─────────────────────┴───────────────────────────────────────────────────┘

chris--jones avatar Oct 09 '22 10:10 chris--jones
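A small triage helper, added here as an example and not part of http-server or its maintainers' code: it takes a nested package-lock style tree and the three advisory ranges quoted in the audit output above, and reports which dependency chain pulls in an affected version. The dependency tree below is constructed for illustration (the `tap` and `request` chains are assumed, not copied from the real lockfile), and the range parser only handles plain `MAJOR.MINOR.PATCH` comparators, which is all the audit output needs.

```javascript
// Advisory ranges exactly as printed in the npm audit output above.
const ADVISORIES = [
  { pkg: 'mem', vulnerable: '<4.0.0', id: 'GHSA-4xcv-9jjx-gfj3' },
  { pkg: 'yargs-parser', vulnerable: '>=6.0.0 <13.1.2', id: 'GHSA-p9pc-299p-vxgp' },
  { pkg: 'ajv', vulnerable: '<6.12.3', id: 'GHSA-v88g-cgmw-v5xw' },
];

// Minimal comparator for "MAJOR.MINOR.PATCH" strings (no pre-release tags).
function cmp(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// True when `version` satisfies every space-separated comparator in `range`,
// e.g. ">=6.0.0 <13.1.2" (npm range syntax ANDs the comparators together).
function inRange(version, range) {
  return range.split(/\s+/).every((c) => {
    const m = /^(>=|<=|>|<|=)?(\d+\.\d+\.\d+)$/.exec(c);
    if (!m) throw new Error(`unsupported comparator: ${c}`);
    const r = cmp(version, m[2]);
    return { '>=': r >= 0, '<=': r <= 0, '>': r > 0, '<': r < 0, '=': r === 0 }[m[1] || '='];
  });
}

// Walks a lockfile-style tree ({ name: { version, dependencies } }) and returns
// one finding per affected occurrence, with the chain that introduced it.
function findAffected(tree, advisories = ADVISORIES, path = []) {
  const findings = [];
  for (const [name, node] of Object.entries(tree)) {
    const here = [...path, `${name}@${node.version}`];
    for (const adv of advisories) {
      if (adv.pkg === name && inRange(node.version, adv.vulnerable)) {
        findings.push({ id: adv.id, pkg: name, version: node.version, path: here.join(' > ') });
      }
    }
    if (node.dependencies) findings.push(...findAffected(node.dependencies, advisories, here));
  }
  return findings;
}

// Constructed sample tree (assumed, not the real lockfile): a dev-only test
// runner carrying old yargs-parser and mem, and a request chain whose ajv is
// already at a patched version and so must NOT be reported.
const SAMPLE_TREE = {
  tap: { version: '14.0.0', dependencies: {
    'yargs-parser': { version: '13.1.1' },
    mem: { version: '1.1.0' } } },
  request: { version: '2.88.2', dependencies: {
    'har-validator': { version: '5.1.5', dependencies: { ajv: { version: '6.12.6' } } } } },
};
```

Running `findAffected(SAMPLE_TREE)` on the constructed tree reports the two findings under `tap` and nothing under `request`, which is the distinction that matters when deciding whether a vulnerable package actually ships to users or only runs in the test suite.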

I assume that you need to know more about some servers for your website. I have also fixed this problem and the lessons also look informative to me. Not so long ago I created my own app to grow the business. It has become much easier for users to subscribe to my services, and it's very cool. And to keep the application functional, I turned to vps canada. In fact, they help me support my application and I can spend more time on my business. It's really convenient.

Ferdanes34 avatar Dec 02 '22 14:12 Ferdanes34

This issue has been inactive for 180 days

github-actions[bot] avatar Jun 01 '23 12:06 github-actions[bot]