Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

transitive vulnerability yargs < 13.3.0 #447

Closed
darcyclarke opened this issue Nov 8, 2019 · 3 comments
Closed

transitive vulnerability yargs < 13.3.0 #447

darcyclarke opened this issue Nov 8, 2019 · 3 comments
Labels
Bug thing that needs fixing

Comments

@darcyclarke
Copy link
Contributor 

  Original bug ticket: [https://npm.community/t/9111](https://npm.community/t/9111)
  Originally filed: 2019-07-26T05:15:07.575Z
@darcyclarke darcyclarke added Bug thing that needs fixing Community labels Nov 8, 2019
@cyberrranger
Copy link

you mean?

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Denial of Service                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ mem                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.0.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > libnpx > yargs > os-locale > mem                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1084                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

@anders-kiaer
Copy link

Related npm/npx#22

@hvolschenk
Copy link

Related: npm/npx#32

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug thing that needs fixing
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@darcyclarke @hvolschenk @cyberrranger @anders-kiaer and others