hexo-related-popular-posts

Security problem

Open victorymakes opened this issue 5 years ago • 2 comments

There are some security problems.

Below is the dependency

`-- [email protected]
  `-- [email protected]
    `-- [email protected]
      +-- [email protected]
      | `-- [email protected]
      `-- [email protected]

Below is the problem.

CVE-2017-16026, moderate severity
Vulnerable versions: >= 2.49.0, < 2.68.0
Patched version: 2.68.0

Affected versions of `request` will disclose local system memory to remote systems in certain circumstances. When a multipart request is made, and the type of `body` is `number`, then a buffer of that size will be allocated and sent to the remote server as the body.

victorymakes, Aug 05 '20 03:08

Hi @tea3, you can use https://dependabot.com/ to get some PRs automatically

njzjz, Jan 05 '21 00:01

> Hi @tea3, you can use https://dependabot.com/ to get some PRs automatically

Dependabot cannot update them to a non-vulnerable version

Misaka13514, Feb 12 '21 12:02
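
To find which dependency chain pulls in a `request` release inside the range quoted in the issue (>= 2.49.0, < 2.68.0), the following added example (not code from this thread or from hexo-related-popular-posts) walks a tree shaped like `npm ls --json` output. The sample tree and the names `my-site`, `pkg-a` and `pkg-b` are constructed placeholders.

```javascript
// Added example: report every path to a `request` version in the
// vulnerable range quoted in the issue (>= 2.49.0, < 2.68.0).

// Compare two "x.y.z" versions numerically; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function isVulnerableRequest(version) {
  return typeof version === 'string' &&
    compareVersions(version, '2.49.0') >= 0 &&
    compareVersions(version, '2.68.0') < 0;
}

// Walk an `npm ls --json`-shaped node and collect "a > b > c" paths.
function findVulnerablePaths(node, name, trail = []) {
  const here = [...trail, `${name}@${node.version}`];
  const found = [];
  if (name === 'request' && isVulnerableRequest(node.version)) {
    found.push(here.join(' > '));
  }
  for (const [dep, child] of Object.entries(node.dependencies || {})) {
    found.push(...findVulnerablePaths(child, dep, here));
  }
  return found;
}

// Constructed sample tree; pkg-a and pkg-b are placeholder names.
const sampleTree = {
  version: '1.0.0',
  dependencies: {
    'pkg-a': { version: '0.3.1', dependencies: {
      'pkg-b': { version: '1.2.0', dependencies: {
        request: { version: '2.67.0' } } } } },
    request: { version: '2.88.2' }, // patched copy, not reported
  },
};

console.log(findVulnerablePaths(sampleTree, 'my-site'));
```

On a real project, pass the parsed output of `npm ls --json` as the first argument and the project name as the second.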