viewer
viewer copied to clipboard
nextcloud
[stable28] Fix npm audit
Audit report
This audit fix resolves 15 of the total 22 vulnerabilities found in your project.
Updated dependencies
- @nextcloud/dialogs
- @nextcloud/files
- @nextcloud/l10n
- @nextcloud/webpack-vue-config
- @vue/component-compiler-utils
- cookie
- elliptic
- express
- http-proxy-middleware
- node-gettext
- postcss
- vue-async-computed
- vue-loader
- vue-resize
- vue-template-compiler
Fixed vulnerabilities
@nextcloud/dialogs #
- Caused by vulnerable dependency:
- @nextcloud/files
- @nextcloud/l10n
- @nextcloud/vue
- vue
- vue-frag
- Affected versions: >=2.0.0
- Package usage:
node_modules/@nextcloud/dialogs
@nextcloud/files #
- Caused by vulnerable dependency:
- @nextcloud/l10n
- Affected versions: >=1.1.0
- Package usage:
node_modules/@nextcloud/files
@nextcloud/l10n #
- Caused by vulnerable dependency:
- node-gettext
- Affected versions: >=1.1.0
- Package usage:
node_modules/@nextcloud/l10n
@nextcloud/webpack-vue-config #
- Caused by vulnerable dependency:
- vue
- vue-loader
- vue-template-compiler
- Affected versions: *
- Package usage:
node_modules/@nextcloud/webpack-vue-config
@vue/component-compiler-utils #
- Caused by vulnerable dependency:
- postcss
- Affected versions: *
- Package usage:
node_modules/@vue/component-compiler-utils
cookie #
- cookie accepts cookie name, path, and domain with out of bounds characters
- Severity: low
- Reference: https://github.com/advisories/GHSA-pxg6-pf52-xh8x
- Affected versions: <0.7.0
- Package usage:
node_modules/cookie
elliptic #
- Valid ECDSA signatures erroneously rejected in Elliptic
- Severity: low
- Reference: https://github.com/advisories/GHSA-fc9h-whq2-v747
- Affected versions: <=6.5.7
- Package usage:
node_modules/elliptic
express #
- Caused by vulnerable dependency:
- cookie
- Affected versions: 3.0.0-alpha1 - 4.21.0 || 5.0.0-alpha.1 - 5.0.0
- Package usage:
node_modules/express
http-proxy-middleware #
- Denial of service in http-proxy-middleware
- Severity: high (CVSS 7.5)
- Reference: https://github.com/advisories/GHSA-c7qv-q95q-8v27
- Affected versions: <2.0.7
- Package usage:
node_modules/http-proxy-middleware
node-gettext #
- node-gettext vulnerable to Prototype Pollution
- Severity: moderate (CVSS 5.9)
- Reference: https://github.com/advisories/GHSA-g974-hxvm-x689
- Affected versions: *
- Package usage:
node_modules/node-gettext
postcss #
- PostCSS line return parsing error
- Severity: moderate (CVSS 5.3)
- Reference: https://github.com/advisories/GHSA-7fh5-64p2-3v2j
- Affected versions: <8.4.31
- Package usage:
node_modules/@vue/component-compiler-utils/node_modules/postcss
vue-async-computed #
- Caused by vulnerable dependency:
- vue
- Affected versions: 2.0.0-rc.1 - 4.0.0-mixin.0
- Package usage:
node_modules/vue-async-computed
vue-loader #
- Caused by vulnerable dependency:
- @vue/component-compiler-utils
- Affected versions: 15.0.0-beta.1 - 15.11.1
- Package usage:
node_modules/vue-loader
vue-resize #
- Caused by vulnerable dependency:
- vue
- Affected versions: 0.4.0 - 1.0.1
- Package usage:
node_modules/vue-resize
vue-template-compiler #
- vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
- Severity: moderate (CVSS 4.2)
- Reference: https://github.com/advisories/GHSA-g3ch-rx76-35fx
- Affected versions: >=2.0.0
- Package usage:
node_modules/vue-template-compiler
