Need help in fixing the Security Vulnerability when we use node-vibrant latest version (3.2.1-alpha & 3.1.6) #141
Comments
|
Please let me know if there are any progress on this. |
|
Found one on this library through Snyk as well with the library of xml2js regarding Prototype pollution https://snyk.io/vuln/SNYK-JS-XML2JS-5414874 recommendation is to upgrade to higher version. I am installing uniswap widget and it was raised in this issue following this path @uniswap/widgets@2.43.2 › node-vibrant@3.2.1-alpha.1 › @vibrant/image-node@3.2.1-alpha.1 › @jimp/custom@0.16.2 › @jimp/core@0.16.2 › load-bmfont@1.4.1 › parse-bmfont-xml@1.1.4 › xml2js@0.4.23 |
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
We have one high security vulnerability issue when using the node-vibrant package. We tried latest version 3.2.1-alpha and 3.1.6.
Issue: file-type Denial of Service (DoS)
Introduced through
node-vibrant@3.1.6
Fixed in
file-type@16.5.4, @17.1.3.
Any timely help is highly appreciated.
Thanks,
Suresh
The text was updated successfully, but these errors were encountered: