dependency mime ~1.3.4 has a ReDoS vulnerability #90
Comments
pmuellr
pushed a commit
to pmuellr/st
that referenced
this issue
Oct 4, 2017
fixes issue isaacs#90 Info on the vulnerability: https://snyk.io/vuln/npm:mime:20170907 Versions of mime < 1.4.1 are vulnerable. Upgraded from ~1.3.4 to ~1.4.1
|
As nodesecurity's Remediation Please upgrade to version 2.0.3 or greater |
The PR ref'd here - #91 - only upgrades to The NSP page ref'd does say to upgrade to >= 2.0.3 in the big "Remediation" section, but in the top left also says: |
rvagg
pushed a commit
that referenced
this issue
Oct 9, 2017
fixes issue #90 Info on the vulnerability: https://snyk.io/vuln/npm:mime:20170907 Versions of mime < 1.4.1 are vulnerable. Upgraded from ~1.3.4 to ~1.4.1
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
see: https://snyk.io/vuln/npm:mime:20170907
Hopefully this is a simple update of the dependency, will take a look soon.
The text was updated successfully, but these errors were encountered: