vue-cli-plugin-electron-builder

Vulnerability in transitive dependency

Open fatadel opened this issue 1 year ago • 2 comments

The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket. Dependency chain: vue-cli-plugin-electron-builder => electron-builder => update-notifier => latest-version => package-json => got.

fatadel Jul 14 '22 16:07

Reproducible on the latest (2.1.1) version, did not investigate other versions.

fatadel Jul 14 '22 16:07

Oh, it looks like this repo is not maintained, as the audit finding has not been fixed for so long, and the same goes for the V3 version. I ran into this issue too, bro.

SD-Gaming Nov 07 '22 03:11
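To confirm which installed copy of got is affected and through which path it arrives, the lockfile can be walked directly. The following is an added example, not code from the issue or the project: it assumes an npm `package-lock.json` with lockfileVersion 2 or 3, and the function names, the sample lockfile and every version in it other than 2.1.1 are constructed for illustration.

```javascript
// Added example. Bounds follow the issue text: got is fixed in 11.8.5 and in 12.1.0.
function isVulnerableGot(version) {
  const v = version.split('-')[0].split('.').map(Number); // pre-release tag ignored
  const fixed = v[0] >= 12 ? [12, 1, 0] : [11, 8, 5];
  for (let i = 0; i < 3; i++) if (v[i] !== fixed[i]) return v[i] < fixed[i];
  return false;
}
// Node's lookup: nearest node_modules/<name>, walking up from the dependent's path.
function resolveDep(packages, fromPath, name) {
  for (let base = fromPath; ;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}
// Breadth-first walk from the root project: one shortest chain per installed copy of got.
function findVulnerableGotChains(lock) {
  const packages = lock.packages || {};
  const chains = [];
  const seen = new Set(['']);
  const queue = [{ path: '', chain: [] }];
  while (queue.length) {
    const { path, chain } = queue.shift();
    const pkg = packages[path] || {};
    const deps = { ...pkg.dependencies, ...pkg.devDependencies, ...pkg.optionalDependencies };
    for (const name of Object.keys(deps)) {
      const target = resolveDep(packages, path, name);
      if (!target || seen.has(target)) continue;
      seen.add(target);
      const { version } = packages[target];
      if (name === 'got' && isVulnerableGot(version)) chains.push([...chain, `got@${version}`].join(' => '));
      queue.push({ path: target, chain: [...chain, name] });
    }
  }
  return chains;
}

// Constructed sample mirroring the chain in the issue; versions other than 2.1.1 are made up.
const d = (version, dependencies = {}) => ({ version, dependencies });
const sampleLock = { packages: {
  '': { devDependencies: { 'vue-cli-plugin-electron-builder': '2.1.1', got: '^11.8.5' } },
  'node_modules/got': d('11.8.5'), // hoisted, patched copy used by the project itself
  'node_modules/vue-cli-plugin-electron-builder': d('2.1.1', { 'electron-builder': '*' }),
  'node_modules/electron-builder': d('0.0.0', { 'update-notifier': '*' }),
  'node_modules/update-notifier': d('0.0.0', { 'latest-version': '*' }),
  'node_modules/latest-version': d('0.0.0', { 'package-json': '*' }),
  'node_modules/package-json': d('0.0.0', { got: '^9.6.0' }),
  'node_modules/package-json/node_modules/got': d('9.6.0'), // nested, unpatched copy
} };
```

In the sample, the hoisted patched copy does not help `package-json`, which resolves its own nested copy first; that nested copy is what the walk reports.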