files_lock
files_lock copied to clipboard
nextcloud
[stable29] Fix npm audit
Audit report
This audit fix resolves 10 of the total 14 vulnerabilities found in your project.
Updated dependencies
- @nextcloud/files
- @nextcloud/l10n
- axios
- dompurify
- elliptic
- micromatch
- node-gettext
- rollup
- vite
- vue-tsc
Fixed vulnerabilities
@nextcloud/files #
- Caused by vulnerable dependency:
- @nextcloud/l10n
- Affected versions: >=1.1.0
- Package usage:
node_modules/@nextcloud/files
@nextcloud/l10n #
- Caused by vulnerable dependency:
- node-gettext
- Affected versions: >=1.1.0
- Package usage:
node_modules/@nextcloud/l10n
axios #
- Server-Side Request Forgery in axios
- Severity: high
- Reference: https://github.com/advisories/GHSA-8hc4-vh64-cxmj
- Affected versions: 1.3.2 - 1.7.3
- Package usage:
node_modules/axios
dompurify #
- DOMPurify allows tampering by prototype pollution
- Severity: high (CVSS 7)
- Reference: https://github.com/advisories/GHSA-mmhx-hmjr-r674
- Affected versions: 3.0.0 - 3.1.2
- Package usage:
node_modules/dompurify
elliptic #
- Elliptic's EDDSA missing signature length check
- Severity: low (CVSS 5.3)
- Reference: https://github.com/advisories/GHSA-f7q4-pwc6-w24p
- Affected versions: 2.0.0 - 6.5.6
- Package usage:
node_modules/elliptic
micromatch #
- Regular Expression Denial of Service (ReDoS) in micromatch
- Severity: moderate (CVSS 5.3)
- Reference: https://github.com/advisories/GHSA-952p-6rrq-rcjv
- Affected versions: <4.0.8
- Package usage:
node_modules/micromatch
node-gettext #
- node-gettext vulnerable to Prototype Pollution
- Severity: moderate (CVSS 5.9)
- Reference: https://github.com/advisories/GHSA-g974-hxvm-x689
- Affected versions: *
- Package usage:
node_modules/node-gettext
rollup #
- DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
- Severity: high (CVSS 6.4)
- Reference: https://github.com/advisories/GHSA-gcx4-mw62-g8wm
- Affected versions: 3.0.0 - 3.29.4
- Package usage:
node_modules/rollup
vite #
- Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
- Severity: moderate (CVSS 6.4)
- Reference: https://github.com/advisories/GHSA-64vr-g452-qvp3
- Affected versions: 4.0.0 - 4.5.3
- Package usage:
node_modules/vite
vue-tsc #
- Caused by vulnerable dependency:
- @vue/language-core
- Affected versions: 1.7.0-alpha.0 - 2.0.28
- Package usage:
node_modules/vue-tsc
