
Dependencies vulnerable to Prototype Pollution

Open Talb2005 opened this issue 3 years ago • 0 comments

npm audit report

express  <=4.17.2 || 5.0.0-alpha.1 - 5.0.0-alpha.8
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
Depends on vulnerable versions of body-parser
Depends on vulnerable versions of qs
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/forcedomain/node_modules/express
  forcedomain  >=2.1.0
  Depends on vulnerable versions of express
  node_modules/forcedomain

qs  6.7.0 - 6.7.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/forcedomain/node_modules/qs
  body-parser  1.19.0
  Depends on vulnerable versions of qs
  node_modules/forcedomain/node_modules/body-parser

4 high severity vulnerabilities

Talb2005, Dec 11 '22 09:12