found 1 high severity vulnerability #2626

Closed
Yonom opened this issue Sep 4, 2020 · 6 comments
Yonom commented Sep 4, 2020

Library Affected:
workbox-build

Browser & Platform:
npm 6.14.6
node v12.18.3

Issue or Feature Request Description:
Security issue due to outdated rollup-plugin-terser dependency.

Reproduction steps:

npm init -y
npm install workbox-build
npm audit

Output:

                       === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Remote Code Execution                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ serialize-javascript                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.1.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ workbox-build                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ workbox-build > rollup-plugin-terser > serialize-javascript  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1548                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 high severity vulnerability in 1110 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Yonom commented Sep 4, 2020

Fixed via TrySound/rollup-plugin-terser#90 (comment)

npm audit fix was able to solve the issue now.

@Yonom Yonom closed this as completed Sep 4, 2020
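
To confirm the fix landed after `npm audit fix`, the lockfile can be checked for any remaining copy of serialize-javascript below the patched version 3.1.0 named in the audit report. This is an added example, not part of the issue thread or the Workbox code; `cmpVersion`, `findUnpatched` and the sample lockfile are hypothetical names and constructed data.

```javascript
// Compare plain "x.y.z" versions; prerelease tags are ignored (simplification).
function cmpVersion(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// List every installed copy of `name` whose version is below `patched`. Supports
// lockfileVersion 1 (nested "dependencies", npm 6) and 2/3 (flat "packages" map).
function findUnpatched(lock, name, patched) {
  const hits = [];
  const check = (location, meta) => {
    if (meta && meta.version && cmpVersion(meta.version, patched) < 0) {
      hits.push({ location, version: meta.version });
    }
  };
  if (lock.packages) {
    for (const [loc, meta] of Object.entries(lock.packages)) {
      if (loc.endsWith('node_modules/' + name)) check(loc, meta);
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name) check(here.join(' > '), meta);
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample in lockfileVersion 1 shape; version numbers are illustrative.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'workbox-build': { version: '0.0.1' },
    'serialize-javascript': { version: '4.0.0' },
    'rollup-plugin-terser': {
      version: '0.0.2', dependencies: { 'serialize-javascript': { version: '2.1.2' } }
    }
  }
};
console.log(findUnpatched(sampleLock, 'serialize-javascript', '3.1.0'));
```

Against a real project, pass the parsed contents of `package-lock.json`. The location reported is where the copy is installed, which can differ from the logical path `npm audit` prints because npm hoists packages.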
OliverWang1226 commented

I solved this after the steps you mentioned:

npm init -y
npm v12.18.3
npm audit fix

Thx, bro

ghost commented Feb 10, 2023

Solved this
with the instructions on February 2, 2022
npm init -y
npm install workbox-build
npm audit

Kazy0004 commented

I solved this after the steps you mentioned:

npm init -y
npm v12.18.3
npm audit fix

Thanks, brothers

What is the vulnerability that could be dangerous?

Kazy0004 commented

What is the vulnerability that could be dangerous?

Kazy0004 commented

Please tell me about the vulnerability you talked about.
