On 04/02/2022 17:59, Yadd wrote:
Hi,

my new pkgjs-audit tool found these 3 vulnerabilities, not found on
security-tracker:

eslint-config-eslint 5.0.1
Severity: critical
Malicious Package in eslint-scope -
https://github.com/advisories/GHSA-hxxf-q3w9-4xgw

False positive, vulnerable version is 5.0.2, which was removed from the Internet

trim-newlines <3.0.1
Severity: high
Regular Expression Denial of Service in trim-newlines -
https://github.com/advisories/GHSA-7p7h-4mm5-852v

CVE-2021-33623 is marked as not-for-us, which is bad. Just fixed in
unstable

nth-check <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check -
https://github.com/advisories/GHSA-rp65-9cf3-cjxr

CVE-2021-3803 is marked as not-for-us, which is bad. Just fixed in unstable

--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel