This repository has been archived by the owner on Sep 7, 2020. It is now read-only.

Critical Vulnerability in outdated version of webpack-dev-server #10

Open
voor opened this issue Aug 27, 2018 · 0 comments

voor commented Aug 27, 2018

This library is causing some issues with your downstream components:

$ npm audit
                                                                                
                       === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical      │ Command Injection                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ open                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ graphql-playground-react                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ graphql-playground-react > graphcool-styles >                │
│               │ webpack-dev-server > open                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/663                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical      │ Command Injection                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ open                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ graphql-playground-react                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ graphql-playground-react > graphcool-tmp-ui >                │
│               │ graphcool-styles > webpack-dev-server > open                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/663                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 2 critical severity vulnerabilities in 19590 scanned packages
  2 vulnerabilities require manual review. See the full report for details.

Recommend updating webpack-dev-server to avoid confusion people might start getting with security advisories.
