[Pkg-javascript-devel] Fwd: dh-sequence-nodejs improvements

Salvatore Bonaccorso carnil at debian.org
Sat Feb 5 08:39:22 GMT 2022


Hi,

On Sat, Feb 05, 2022 at 08:23:17AM +0100, Yadd wrote:
> On 04/02/2022 17:59, Yadd wrote:
> > Hi,
> > 
> > my new pkgjs-audit tool found these 3 vulnerabilities, not found on
> > security-tracker:
> > 
> > eslint-config-eslint  5.0.1
> > Severity: critical
> > Malicious Package in eslint-scope -
> > https://github.com/advisories/GHSA-hxxf-q3w9-4xgw
> 
> False positive, vulnerable version is 5.0.2 which was removed from the Internet
> 
> > trim-newlines  <3.0.1
> > Severity: high
> > Regular Expression Denial of Service in trim-newlines -
> > https://github.com/advisories/GHSA-7p7h-4mm5-852v
> 
> CVE-2021-33623 is marked as not-for-us which is bad. Just fixed in
> unstable
> 
> > nth-check  <2.0.1
> > Severity: moderate
> > Inefficient Regular Expression Complexity in nth-check -
> > https://github.com/advisories/GHSA-rp65-9cf3-cjxr
> 
> CVE-2021-3803 is marked as not-for-us which is bad. Just fixed in unstable

Thank you! I have updated the tracking information.

Regards,
Salvatore


