Skip to content

Vulnerability 1012 #2118

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dalefrancis88 opened this issue Jul 12, 2019 · 5 comments
Closed

Vulnerability 1012 #2118

dalefrancis88 opened this issue Jul 12, 2019 · 5 comments

Comments

@dalefrancis88
Copy link

Team,

https://www.npmjs.com/advisories/1012 was just raised today. It looks like it's based in http-proxy-middleware do you guys have an estimate on how long you think it'll take to get a release out that'll resolve this?

it looks like cache-base may be the bottleneck here
@alexander-akait
Copy link
Member

It is development server, so this security problem is not high priority here, also we don't use set-value directly so we can't do something on our side, please open issue in cache-base, sorry

@dalefrancis88
Copy link
Author

I did, i actually created a PR but i was curious if you guys were actively engaging is all

@alexander-akait
Copy link
Member

Let's keep open for tracking

@mixtur
Copy link

mixtur commented Jul 15, 2019
edited
Loading

For me it looks like I suddenly went from 0 vulnerabilities to uh... 765? I guess there is сombinatorial explosion involved.
Ok, maybe there is no real vulnerability here. But If there was now, I would have definitely missed it behind these 765.

@alexander-akait
Copy link
Member

Problem was on npm side, now we doesn't have any vulnerability, thanks for issue

@terrorizer1980 terrorizer1980 mentioned this issue Aug 8, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dalefrancis88 @mixtur @alexander-akait