-
Notifications
You must be signed in to change notification settings - Fork 12k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Snyk Vulnerability: 3 High Severity Vulnerability Found in Angular 9.1.0 #17388
Comments
The framework itself does not ship with those dependencies, but the CLI does use them. Transferring this issue to the CLI team for investigation. |
|
Karma has already switched to a different UA parser, but not released yet: karma-runner/karma#3440. |
Karma release v5.0.0 is out https://github.com/karma-runner/karma/blob/master/CHANGELOG.md |
Closed via #17525 |
This issue has been automatically locked due to inactivity. Read more about our automatic conversation locking policy. This action has been performed automatically by a bot. |
🐞 bug report
Affected Package
Angular 9 uses vulnerable version of dependency package [email protected] and [email protected]. For more detail, refer to the description section
Is this a regression?
This Vulnerability was there in version 9.0.x
Description
Angular 9.1.0 has 3 high-severity vulnerabilities:
✗ High severity vulnerability found in useragent
Description: Regular Expression Denial of Service (ReDoS)
Info: https://snyk.io/vuln/SNYK-JS-USERAGENT-174737
Introduced through: [email protected]
From: [email protected] > [email protected]
✗ High severity vulnerability found in qs
Description: Prototype Override Protection Bypass
Info: https://snyk.io/vuln/npm:qs:20170213
Introduced through: [email protected]
From: [email protected] > [email protected] > [email protected]
✗ High severity vulnerability found in ecstatic
Description: Denial of Service (DoS)
Info: https://snyk.io/vuln/SNYK-JS-ECSTATIC-540354
Introduced through: [email protected]
From: [email protected] > [email protected]
For complete SNYK report, refer the attachment
🌍 Your Environment
Angular Version:
The text was updated successfully, but these errors were encountered: