WS-2018-0588 (High severity) detected in querystringify #2000
Comments
querystringify in webpack-dev-server is the latest version. I think that is a bug on the GitHub side.
@hiroppy it may be an issue on my side. I'll get back to you later. The GitHub security check claims something is wrong, but I'm away from my computer right now. Thank you for your time, have a great day :)
Same with my gatsby project repos, I did a yarn audit... No vulnerabilities found
Please open issue in Also all security problems better report in DM (gitter, slack) or email. Also we use
Thank you for your patience. The issue was on my side. I cannot reproduce any problems locally or find the old version that GitHub claims I have. I'm sorry I wasted your time and wrongly accused you of using outdated packages. Thank you for your helpful responses. Have a wonderful day! :)
No problem, thank you for reporting.
Have you solved this?
@C451 No. I'm not sure where to report errors with the GitHub "Security Alerts". I think Microsoft will resolve that issue eventually. It fails to create an automated "security fix" pull request.
It seems strange that only a few people experience this bug, considering how many people use webpack. I will try to contact the support.
Yesterday, I saw this security alert at this repo, but now I cannot see this alert. So, this problem was fixed.
Hmmm, I still see the alert. Anyways, it is better to send them a letter. Edit: the alert just magically disappeared. Probably the support team has the ability to read our minds.
It's partially gone for me now. It's not in my repo, nor in the Security Alerts overview, but there is a message about it that I can't read under notifications. Seems like Microsoft is fixing it.
Code
No code, see unshiftio/querystringify#19
Expected Behavior
To be secure
Actual Behavior
A vulnerability was found in querystringify before 2.0.0.
For Bugs; How can we reproduce the behavior?
A vulnerability was found in querystringify before 2.0.0. It's possible to override built-in properties of the resulting query string object if a malicious string is inserted in the query string.
For Features; What is the motivation and/or use-case for the feature?
Security. See more here: unshiftio/querystringify#19
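The override described in the issue body above, shown as an added JavaScript example that is neither querystringify's code nor part of the original issue: a minimal query-string parser written in a weak and a hardened form. The function names and the sample query string are constructed for illustration.

```javascript
// Added illustration; not code from querystringify or webpack-dev-server.
// All function names and the sample query string are constructed.

function decode(s) {
  // '+' means space; a malformed percent-escape yields null instead of throwing.
  try { return decodeURIComponent(s.replace(/\+/g, ' ')); } catch (e) { return null; }
}

// Split "a=1&b=2" into decoded [key, value] pairs, skipping undecodable ones.
function* pairs(query) {
  for (const part of query.replace(/^\?/, '').split('&')) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = decode(i === -1 ? part : part.slice(0, i));
    const value = decode(i === -1 ? '' : part.slice(i + 1));
    if (key !== null && value !== null) yield [key, value];
  }
}

// Weak form: every key is written onto a plain object, so a key named like
// an inherited member (toString, hasOwnProperty) shadows that member.
function parseNaive(query) {
  const result = {};
  for (const [key, value] of pairs(query)) result[key] = value;
  return result;
}

// Hardened form: skip any key that already resolves on the result object,
// which covers inherited built-ins as well as repeated keys.
function parseHardened(query) {
  const result = {};
  for (const [key, value] of pairs(query)) {
    if (key in result) continue;
    result[key] = value;
  }
  return result;
}

// Constructed sample input.
const SAMPLE = '?page=2&toString=x&hasOwnProperty=y&page=3';

// What a consumer sees: does calling an inherited method still work?
function canCallHasOwn(obj) {
  try { return obj.hasOwnProperty('page') === true; } catch (e) { return false; }
}

console.log('naive parser keeps built-ins callable:', canCallHasOwn(parseNaive(SAMPLE)));
console.log('hardened parser keeps built-ins callable:', canCallHasOwn(parseHardened(SAMPLE)));
```

The `in` check also makes the first occurrence of a repeated key win. Building the result on `Object.create(null)` is another common way to keep inherited names out of the lookup.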