npm audit critical findings #564
Comments
Thank you for reporting this! I don't think this affects us. From the report: "For this vulnerability to be exploited an attacker needs to control the iface argument to the one method."
Since this issue doesn't really affect us, I don't think we'll take any immediate step to fix it. There is a PR up in the macaddress repo that fixes it: scravy/node-macaddress#18. I'll keep this issue open so that we don't forget about this potential footgun though, until a fix is committed upstream. EDIT: If we do use
There's the uuid module that also supports uuid 1345 but doesn't support parsing.
uuid-1345 and macaddress both got an update which fixes the underlying vulnerability. We might want to bump the package.json version of uuid-1345 to 0.99.7 so that people get the secure version.
After updating to 0.99.7 locally (and rerunning npm install), I'm still getting a warning with npm audit. No idea how that works.
Just writing to let you know that the current NPM package reports this little gem has a critical security issue to patch.
results of
npm audit