ldap_write_support
ldap_write_support copied to clipboard
nextcloud
[stable29] Fix npm audit
Audit report
This audit fix resolves 9 of the total 13 vulnerabilities found in your project.
Updated dependencies
- @nextcloud/dialogs
- @nextcloud/files
- @nextcloud/l10n
- @nextcloud/vue
- dompurify
- node-gettext
- rollup
- vite
- vue-tsc
Fixed vulnerabilities
@nextcloud/dialogs #
- Caused by vulnerable dependency:
- @nextcloud/files
- @nextcloud/l10n
- @nextcloud/vue
- Affected versions: >=2.0.0
- Package usage:
node_modules/@nextcloud/dialogs
@nextcloud/files #
- Caused by vulnerable dependency:
- @nextcloud/l10n
- Affected versions: >=1.1.0
- Package usage:
node_modules/@nextcloud/files
@nextcloud/l10n #
- Caused by vulnerable dependency:
- node-gettext
- Affected versions: >=1.1.0
- Package usage:
node_modules/@nextcloud/l10n
@nextcloud/vue #
- Caused by vulnerable dependency:
- @nextcloud/l10n
- Affected versions: >=1.4.0
- Package usage:
node_modules/@nextcloud/vue
dompurify #
- DOMPurify allows tampering by prototype pollution
- Severity: high (CVSS 7)
- Reference: https://github.com/advisories/GHSA-mmhx-hmjr-r674
- Affected versions: 3.0.0 - 3.1.2
- Package usage:
node_modules/dompurify
node-gettext #
- node-gettext vulnerable to Prototype Pollution
- Severity: moderate (CVSS 5.9)
- Reference: https://github.com/advisories/GHSA-g974-hxvm-x689
- Affected versions: *
- Package usage:
node_modules/node-gettext
rollup #
- DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
- Severity: high (CVSS 6.4)
- Reference: https://github.com/advisories/GHSA-gcx4-mw62-g8wm
- Affected versions: 4.0.0 - 4.22.3
- Package usage:
node_modules/rollup
vite #
- Vite's
server.fs.denyis bypassed when using?import&raw - Severity: moderate (CVSS 5.3)
- Reference: https://github.com/advisories/GHSA-9cwx-2883-4wfx
- Affected versions: 5.2.0 - 5.2.13
- Package usage:
node_modules/vite
vue-tsc #
- Caused by vulnerable dependency:
- @vue/language-core
- Affected versions: 1.7.0-alpha.0 - 2.0.28
- Package usage:
node_modules/vue-tsc
