Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security problem #28

Open
vioao opened this issue Aug 5, 2020 · 2 comments
Open

Security problem #28

vioao opened this issue Aug 5, 2020 · 2 comments
Labels
help wanted

Comments

@vioao
Copy link

vioao commented Aug 5, 2020

There are some security problems.

Below is the dependency

`-- [email protected]
  `-- [email protected]
    `-- [email protected]
      +-- [email protected]
      | `-- [email protected]
      `-- [email protected]

Below is the problem.

CVE-2017-16026
moderate severity
Vulnerable versions: >= 2.49.0, < 2.68.0
Patched version: 2.68.0
Affected versions of request will disclose local system memory to remote systems in certain circumstances. When a multipart request is made, and the type of body is number, then a buffer of that size will be allocated and sent to the remote server as the body.
@njzjz
Copy link

njzjz commented Jan 5, 2021

Hi @tea3 , you can use https://dependabot.com/ to get some PRs automatically

@Misaka13514
Copy link

Hi @tea3 , you can use https://dependabot.com/ to get some PRs automatically

Dependabot cannot update them to a non-vulnerable version

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@vioao @njzjz @tea3 @Misaka13514