Skip to content

Fix for known vulnerability in url-loader version #3244

New issue
New issue
Closed
Closed
Fix for known vulnerability in url-loader version#3244
Labels
contributions: claimeddifficulty: starterhacktoberfest
Milestone
 
1.0.x
@JaredVanderford

Description

@JaredVanderford
JaredVanderford
opened on Oct 5, 2017

Is this a bug report?

no

Can you also reproduce the problem with npm 4.x?

Yes

Environment

Irrelevant

Actual Behavior

There is a vulnerability identified by NSP in the version of url-loader currently set as a dependency.
"react-scripts@1.0.14 > url-loader@0.5.9 > mime@1.3.6 "

url-loader has fixed this issue since 0.6.

Activity

Timer

Timer commented on Oct 5, 2017

@Timer
Timer
on Oct 5, 2017
Contributor

I'll accept a PR for this but there's no rush because it's for untrusted user input (& simply a DoS).

Timer
added
contributions: up for grabs!
difficulty: starter
hacktoberfest
on Oct 5, 2017
Timer
added this to the 1.0.x milestone on Oct 5, 2017
Timer
added
contributions: claimed
and removed
contributions: up for grabs!
on Oct 5, 2017
Timer
closed this as completedin 62f0a83on Oct 5, 2017
zmitry
added a commit that references this issue on Aug 14, 2018

Update url-loader to 0.6.2 for mime ReDoS vuln (facebook#3246)

428eac9
lock
locked and limited conversation to collaborators on Jan 21, 2019
LishuGupta652
added a commit that references this issue on Oct 8, 2024

Update url-loader to 0.6.2 for mime ReDoS vuln (facebook#3246)

6e24311
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    contributions: claimeddifficulty: starterhacktoberfest

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @Timer@JaredVanderford

        Issue actions
          Fix for known vulnerability in url-loader version · Issue #3244 · facebook/create-react-app