found 1 high severity vulnerability #2626

Closed
Yonom opened this issue Sep 4, 2020 · 6 comments

Yonom commented Sep 4, 2020

Library Affected:
workbox-build

Browser & Platform:
npm 6.14.6
node v12.18.3

Issue or Feature Request Description:
Security issue due to outdated rollup-plugin-terser dependency.

Reproduction steps:

npm init -y
npm install workbox-build
npm audit

Output:

                       === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Remote Code Execution                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ serialize-javascript                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.1.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ workbox-build                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ workbox-build > rollup-plugin-terser > serialize-javascript  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1548                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 high severity vulnerability in 1110 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Yonom commented Sep 4, 2020

Fixed via TrySound/rollup-plugin-terser#90 (comment)

npm audit fix was able to solve the issue now.

Yonom closed this as completed Sep 4, 2020
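
To confirm the result of `npm audit fix`, the lockfile can be checked for any remaining copy of serialize-javascript below the patched version from the report. This is an added example, not part of the original thread or of the workbox project; it assumes an npm 6 `package-lock.json` (lockfileVersion 1), and the function names and sample lockfiles are constructed for illustration.

```javascript
// Added example: locate installed copies of a package below its patched version
// in an npm 6 package-lock.json (lockfileVersion 1, nested "dependencies").
const TARGET = 'serialize-javascript';
const PATCHED = '3.1.0'; // "Patched in >=3.1.0" from the audit report

// Parse "MAJOR.MINOR.PATCH[-prerelease]" into numbers plus a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when version v does not satisfy ">= patched".
function isBelow(v, patched) {
  const a = parseVersion(v), b = parseVersion(patched);
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i];
  }
  return a.pre && !b.pre; // e.g. 3.1.0-rc.1 sorts before 3.1.0
}

// Walk the lockfile tree and return [{ path, version }] for vulnerable copies.
// The path is the install location, which can differ from the audit "Path" when hoisted.
function findVulnerable(lock, target = TARGET, patched = PATCHED) {
  const hits = [];
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = [...trail, name];
      if (name === target && isBelow(info.version, patched)) {
        hits.push({ path: here.join(' > '), version: info.version });
      }
      walk(info.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (versions are illustrative, not taken from the issue).
const before = { lockfileVersion: 1, dependencies: {
  'workbox-build': { version: '0.0.0', dependencies: {
    'rollup-plugin-terser': { version: '0.0.0', dependencies: {
      'serialize-javascript': { version: '2.1.2' } } } } } } };
const after = JSON.parse(JSON.stringify(before));
after.dependencies['workbox-build'].dependencies['rollup-plugin-terser']
  .dependencies['serialize-javascript'].version = '3.1.0';

console.log(findVulnerable(before)); // one hit at version 2.1.2
console.log(findVulnerable(after));  // []
```

Against a real project, pass the parsed contents of `package-lock.json` to `findVulnerable` and fail the build when the returned list is non-empty.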
@OliverWang1226

I solved this after the steps you mentioned:

npm init -y
npm v12.18.3
npm audit fix

Thx, bro

ghost commented Feb 10, 2023

Solved this
with the instructions on February 2, 2022
npm init -y
npm install workbox-build
npm audit

@Kazy0004

I solved this after the steps you mentioned:

npm init -y
npm v12.18.3
npm audit fix

Thanks, bro

What is the vulnerability that could be dangerous?

@Kazy0004

What is the vulnerability that could be dangerous?

@Kazy0004

Please tell me about the vulnerability you mentioned.
