Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

CVE-2014-1936,nodemon introduce rc@1.2.8 raise security issue #2024

Closed
xiangwj opened this issue Jun 22, 2022 · 1 comment
Closed

CVE-2014-1936,nodemon introduce rc@1.2.8 raise security issue #2024

xiangwj opened this issue Jun 22, 2022 · 1 comment

Comments

@xiangwj
Copy link

xiangwj commented Jun 22, 2022

Expected behaviour

version of rc introduced by nodemon later than 1.7.1-5 to fix CVE-2014-1936

Actual behaviour

version of rc introduced by nodemon is 1.2.8

Steps to reproduce

visit https://npm.anvaka.com/#/view/2d/nodemon and find the rc

https://nvd.nist.gov/vuln/detail/CVE-2014-1936
@remy
Copy link
Owner

remy commented Jun 28, 2022

Fixed in #2033

@remy remy closed this as completed Jun 28, 2022
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@remy @xiangwj