Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Moderate severity vulnerabilities found #64

Open
Raffone17 opened this issue Jan 31, 2024 · 0 comments
Open

Moderate severity vulnerabilities found #64

Raffone17 opened this issue Jan 31, 2024 · 0 comments

Comments

@Raffone17
Copy link
Contributor

Got alerts from npm audit of 7 moderate severity vulnerabilities when using this package:

# npm audit report

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
  node-gyp  <=7.1.2
  Depends on vulnerable versions of request
  node_modules/node-gyp
    usocket  0.2.2 - 0.3.0
    Depends on vulnerable versions of node-gyp
    node_modules/usocket
      dbus-next  *
      Depends on vulnerable versions of usocket
      Depends on vulnerable versions of xml2js
      node_modules/dbus-next
        node-ble  >=0.0.2
        Depends on vulnerable versions of dbus-next
        node_modules/node-ble

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie

xml2js  <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
No fix available
node_modules/xml2js

7 moderate severity vulnerabilities
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Raffone17