gulp-webserver

critical vulnerability

Open takezaki opened this issue 6 years ago • 2 comments

npm audit shows a critical vulnerability in gulp-webserver. Is there a plan to fix it?

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical      │ Command Injection                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ open                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-webserver [dev]                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-webserver > open                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/663                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

takezaki, Sep 16 '18 06:09

@schickling can you please share whether you have plans to fix this issue or not?

ranbuch, Jun 19 '19 05:06

I think at this point, it makes sense to use https://github.com/avevlad/gulp-connect. It doesn't have any vulnerabilities and works just the same. It took me ~3 minutes to swap libraries.

manzanit0, Jun 25 '19 13:06