umi icon indicating copy to clipboard operation
umi copied to clipboard

Published 20 hours ago verified publisher icon umijs

bug: mime模块拒绝服务漏洞 - [email protected] - 间接引入

Open Leo-Shaoqiang opened this issue 2 years ago • 1 comments

Versions

  • dumi: 1.1.40
  • node: v14.19.1
  • npm: v6.14.16
  • OS: windows 10
  • Browser: 103.0.5060.114(正式版本) (64 位)

Steps to reproduce

在拉下项目之后,安装依赖出现以下问题: image

What is Expected?

该组件存在漏洞,是否需要升级组件以修复改问题。 完整报告:https://www.oscs1024.com/cd/1530221122195529728?sign=7c3f1921&report=1 漏洞详情:https://www.oscs1024.com/hd/MPS-2018-7211?s=m

What is actually happening?

Leo-Shaoqiang avatar Jul 14 '22 02:07 Leo-Shaoqiang

需要修复,已转到 Umi 仓库处理,感谢反馈

PeachScript avatar Jul 14 '22 08:07 PeachScript

@sorrycc 这个漏洞在umi3版本上也存在,有大概的修复时间么?

williamnie avatar Oct 18 '22 03:10 williamnie