$ mkdir /tmp/test && cd "$_"
$ npm i --save-dev browser-sync@3.0.2
$ npm audit
# npm audit report
send <0.19.0
Severity: moderate
send vulnerable to template injection that can lead to XSS - https://github.com/advisories/GHSA-m6fv-jmcg-4jfg
fix available via `npm audit fix --force`
Will install browser-sync@2.26.2, which is a breaking change
node_modules/send
browser-sync >=2.12.1
Depends on vulnerable versions of send
Depends on vulnerable versions of serve-static
node_modules/browser-sync
serve-static <=1.16.0
Depends on vulnerable versions of send
node_modules/serve-static
3 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
sdavids changed the title from "Publish a new release with send >= 0.19.0" to "Publish a new release with send >= 0.19.0; CVE-2024-43799" on Sep 15, 2024