Insecure dependencies #116

Open
klandell opened this issue Nov 21, 2017 · 0 comments

Hello,

I just wanted to point out that this library is using an insecure version of the mime package.

$ nsp check --reporter json

{
	"id": 535,
	"updated_at": "2017-09-27T18:25:14.673Z",
	"created_at": "2017-09-25T19:02:28.152Z",
	"publish_date": "2017-09-27T18:25:14.672Z",
	"overview": "The mime module is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.",
	"recommendation": "Upgrade to version 2.0.3 or greater.",
	"cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
	"cvss_score": 7.5,
	"module": "mime",
	"version": "1.3.6",
	"vulnerable_versions": "< 1.4.1 || > 2.0.0 < 2.0.3",
	"patched_versions": ">= 1.4.1 < 2.0.0 || >= 2.0.3",
	"title": "Regular Expression Denial of Service",
	"path": [
		"[email protected]",
		"@mapbox/[email protected]",
		"[email protected]"
	],
	"advisory": "https://nodesecurity.io/advisories/535"
}

Best,
Kyle
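
The advisory above carries both a `vulnerable_versions` and a `patched_versions` range, so a resolved version can be checked against each. The following is an added example, not code from the issue or from the project: `parseVersion`, `compare`, `satisfies` and `classify` are hypothetical helpers implementing a simplified comparator grammar (plain `MAJOR.MINOR.PATCH` only, no prerelease tags), not the `semver` package.

```javascript
// Advisory fields copied from the nsp output in the issue.
const advisory = {
  module: "mime",
  version: "1.3.6",
  vulnerable_versions: "< 1.4.1 || > 2.0.0 < 2.0.3",
  patched_versions: ">= 1.4.1 < 2.0.0 || >= 2.0.3",
};

// Parse "MAJOR.MINOR.PATCH" into numbers; prerelease tags are not handled.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

const OPS = {
  "<": (c) => c < 0, "<=": (c) => c <= 0,
  ">": (c) => c > 0, ">=": (c) => c >= 0, "=": (c) => c === 0,
};

// A range is "||"-separated alternatives; each alternative is a
// space-separated list of comparators that must all hold.
function satisfies(version, range) {
  return range.split("||").some((alt) => {
    const comparators = alt.match(/(<=|>=|<|>|=)\s*\d+\.\d+\.\d+/g);
    if (!comparators) throw new Error(`unsupported range: ${alt}`);
    return comparators.every((c) => {
      const [, op, target] = /^(<=|>=|<|>|=)\s*(.+)$/.exec(c);
      return OPS[op](compare(version, target));
    });
  });
}

// Cross-check both ranges; a version matching both or neither is flagged.
function classify(version, adv) {
  const vulnerable = satisfies(version, adv.vulnerable_versions);
  const patched = satisfies(version, adv.patched_versions);
  if (vulnerable === patched) return "undetermined";
  return vulnerable ? "vulnerable" : "patched";
}
console.log(advisory.version, classify(advisory.version, advisory));
```

Under this simplified grammar, version 2.0.0 matches neither range in the advisory, which is why `classify` reports it as undetermined rather than assuming it is safe.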
