High security vulnerability reported due to dependency on decompress

Open jimmyandrade opened this issue 4 years ago • 3 comments

As reported by npm audit:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Write                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ decompress                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gatsby-plugin-sharp                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ bin-wrapper > download > decompress                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1217                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

jimmyandrade, Feb 29 '20 13:02

Report: https://npmjs.com/advisories/1217

shiftgeist, Mar 02 '20 10:03

#77

tjbulick, Apr 14 '20 23:04

Reopening. Closed by mistake.

jimmyandrade, Apr 28 '20 12:04