Vulnerabilities reported by npm audit #243

Open
tomaszs opened this issue Sep 6, 2019 · 1 comment

tomaszs commented Sep 6, 2019

Npm audit reports several high vulnerabilities in the package:

Low Prototype Pollution

Package lodash

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util > async > lodash

More info https://nodesecurity.io/advisories/577

High Prototype Pollution

Package lodash

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util > async > lodash

More info https://nodesecurity.io/advisories/782

High Prototype Pollution

Package lodash

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util > async > lodash

More info https://nodesecurity.io/advisories/1065

Manual Review

Some vulnerabilities require your attention to resolve

Visit https://go.npm.me/audit-guide for additional guidance

High Downloads Resources over HTTP

Package closure-util

Patched in No patch available

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util

More info https://nodesecurity.io/advisories/165

High Regular Expression Denial of Service

Package fresh

Patched in >= 0.5.2

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util > send > fresh

More info https://nodesecurity.io/advisories/526

Low Regular Expression Denial of Service

Package debug

Patched in >= 2.6.9 < 3.0.0 || >= 3.1.0

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util > send > debug

More info https://nodesecurity.io/advisories/534

Low Regular Expression Denial of Service

Package debug

Patched in >= 2.6.9 < 3.0.0 || >= 3.1.0

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util > socket.io > socket.io-client > debug

More info https://nodesecurity.io/advisories/534

Moderate Regular Expression Denial of Service

Package mime

Patched in >= 1.4.1 < 2.0.0 || >= 2.0.3

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util > send > mime

More info https://nodesecurity.io/advisories/535

Moderate Prototype Pollution

Package hoek

Patched in > 4.2.0 < 5.0.0 || >= 5.0.3

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util > get-down > request > hawk > boom > hoek

More info https://nodesecurity.io/advisories/566

Moderate Prototype Pollution

Package hoek

Patched in > 4.2.0 < 5.0.0 || >= 5.0.3

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util > get-down > request > hawk > cryptiles > boom > hoek

More info https://nodesecurity.io/advisories/566

Moderate Prototype Pollution

Package hoek

Patched in > 4.2.0 < 5.0.0 || >= 5.0.3

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util > get-down > request > hawk > hoek

More info https://nodesecurity.io/advisories/566

Moderate Prototype Pollution

Package hoek

Patched in > 4.2.0 < 5.0.0 || >= 5.0.3

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util > get-down > request > hawk > sntp > hoek

More info https://nodesecurity.io/advisories/566

Low Prototype Pollution

Package lodash

Patched in >=4.17.5

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util > lodash

More info https://nodesecurity.io/advisories/577

High Prototype Pollution

Package lodash

Patched in >=4.17.11

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util > lodash

More info https://nodesecurity.io/advisories/782

High Prototype Pollution

Package lodash

Patched in >=4.17.12

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util > lodash

More info https://nodesecurity.io/advisories/1065

High Prototype Pollution

Package handlebars

Patched in >=4.0.14 <4.1.0 || >=4.1.2

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util > handlebars

More info https://nodesecurity.io/advisories/755

High Arbitrary File Overwrite

Package decompress-zip

Patched in >=0.2.2 <0.3.0 || >=0.3.2

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util > get-down > decompress-zip

More info https://nodesecurity.io/advisories/777

High Arbitrary File Overwrite

Package tar

Patched in >=2.2.2 <3.0.0 || >=4.4.2

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > closure-util > get-down > tar

More info https://nodesecurity.io/advisories/803

Moderate Regular Expression Denial of Service

Package marked

Patched in >=0.6.2

Dependency of ngx-openlayers

Path ngx-openlayers > openlayers > jsdoc > marked

More info https://nodesecurity.io/advisories/812

Is there any way to fix them?

Helveg commented Mar 12, 2020

@quentin-ol Any news on this? There's 25 vulnerabilities. Is this project still maintained?
