node.bcrypt.js

Regular Expression Denial of Service (ReDoS) from ansi-regex

Open trmpowell opened this issue 3 years ago • 1 comments

  • What went wrong? Snyk is reporting a high severity vulnerability from bcrypt dependencies:
  ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in [email protected]
    introduced by [email protected] > @mapbox/[email protected] > [email protected] > [email protected] > [email protected] > [email protected] and 157 other path(s)
  This issue was fixed in versions: 6.0.1

I added a comment to a relevant issue for gauge: https://github.com/npm/gauge/issues/127

  • What did you expect to happen? No high sev vulnerabilities reported by Snyk.

  • Which version of nodejs and OS? node v 14.17.1

trmpowell, Sep 14 '21 04:09

The same is also reported via GitHub security integration / Dependabot

allanice001, Sep 30 '21 07:09