[Pkg-javascript-devel] Fwd:  dh-sequence-nodejs improvements
Yadd
yadd at debian.org
Sat Feb  5 07:23:17 GMT 2022

On 04/02/2022 17:59, Yadd wrote:
> Hi,
> 
> my new pkgjs-audit tool found these 3 vulnerabilities, not found on 
> security-tracker:
> 
> eslint-config-eslint  5.0.1
> Severity: critical
> Malicious Package in eslint-scope - 
> https://github.com/advisories/GHSA-hxxf-q3w9-4xgw
False positive, vulnerable version is 5.0.2, which was removed from the Internet
> trim-newlines  <3.0.1
> Severity: high
> Regular Expression Denial of Service in trim-newlines - 
> https://github.com/advisories/GHSA-7p7h-4mm5-852v
CVE-2021-33623 is marked as not-for-us, which is bad. Just fixed in 
unstable
> nth-check  <2.0.1
> Severity: moderate
> Inefficient Regular Expression Complexity in nth-check - 
> https://github.com/advisories/GHSA-rp65-9cf3-cjxr
CVE-2021-3803 is marked as not-for-us, which is bad. Just fixed in unstable
    
    