This repository has been archived by the owner on Nov 16, 2023. It is now read-only.
Versions of eslint-utils >=1.2.0 or <1.4.1 are vulnerable to Arbitrary Code Execution. #30
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
USERui-MacBook-Pro:driver-license user$ npm audit --registry=https://registry.npmjs.org === npm audit security report === # Run npm update eslint-utils --depth 3 to resolve 1 vulnerability ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ Critical │ Arbitrary Code Execution │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ eslint-utils │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ eslint-config-naver [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ eslint-config-naver > eslint > eslint-utils │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/1118 │ └───────────────┴──────────────────────────────────────────────────────────────┘ found 1 critical severity vulnerability in 901864 scanned packages run `npm audit fix` to fix 1 of them.https://www.npmjs.com/advisories/1118
https://github.com/naver/eslint-config-naver/blob/master/package-lock.json#L223
The text was updated successfully, but these errors were encountered: