lattice icon indicating copy to clipboard operation
lattice copied to clipboard

Published 20 hours ago verified publisher icon latticejs

[Snyk] Security upgrade systeminformation from 3.54.0 to 5.3.4

Open Rahulgarg30591 opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/apollo-real-time-chart/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 718/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5		 Server-side Request Forgery (SSRF)
SNYK-JS-SYSTEMINFORMATION-1078290		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: systeminformation The new version differs by 250 commits.
  • 0dedf36 5.3.4
  • 3b20fd7 sanitizeShellString() optimized strict sanitation
  • 881dde4 Merge pull request #496 from 418sec/4-npm-systeminformation
  • 0e03d7c Merge pull request #6 from EffectRenan/master
  • e64cb03 Fix possible security issue in inetChecksite()
  • 078ea40 Merge pull request #1 from sebhildebrandt/master
  • e561cc0 5.3.3
  • 825baba dockerContainerStats() fixed ID splitting
  • eff1254 5.3.2
  • c28b46d inetChecksite() possible security issue fix
  • fbb5c2a 5.3.1
  • ca2d753 updated docs
  • 07daa05 docker, processLoad fixed potential security issue
  • 2e92938 Merge pull request #492 from 418sec/2-npm-systeminformation
  • 74f5164 Merge pull request #4 from EffectRenan/master
  • d4675e7 Merge branch 'master' into master
  • 1392644 Command Injection - array
  • 1e3b479 Command Injection - array
  • d000198 Command Injection - array
  • f947637 5.3.0
  • 91b56e8 updated docs
  • 469a761 osInfo() added remoteSession (windows)
  • 660377b osInfo() added remoteSession (windows)
  • 2aef062 5.2.7

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Rahulgarg30591 avatar Mar 05 '21 03:03 Rahulgarg30591