This repository was archived by the owner on Aug 7, 2021. It is now read-only.

Security issues #1150

Open
senner007 opened this issue Dec 7, 2020 · 0 comments

senner007 commented Dec 7, 2020

Issue

Hi :)

I have the below added security issues with nativescript-dev-webpack.

Environment

"dependencies": {
"nativescript-dev-webpack": "1.5.1"
}

npm audit security report

Run npm update terser-webpack-plugin --depth 3 to resolve 2 vulnerabilities

Moderate Cross-Site Scripting

Package serialize-javascript

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > webpack > terser-webpack-plugin >
serialize-javascript
More info https://npmjs.com/advisories/1426

High Remote Code Execution

Package serialize-javascript

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > webpack > terser-webpack-plugin >
serialize-javascript

More info https://npmjs.com/advisories/1548

                             Manual Review                                  
         Some vulnerabilities require your attention to resolve             
                                                                            
      Visit https://go.npm.me/audit-guide for additional guidance           

Moderate Out-of-bounds Read

Package atob

Patched in >=2.1.0

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > css > source-map-resolve > atob

More info https://npmjs.com/advisories/646

Moderate Cross-Site Scripting

Package serialize-javascript

Patched in >=2.1.1

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > copy-webpack-plugin >
serialize-javascript

More info https://npmjs.com/advisories/1426

Moderate Cross-Site Scripting

Package serialize-javascript

Patched in >=2.1.1

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > terser-webpack-plugin >
serialize-javascript

More info https://npmjs.com/advisories/1426

High Remote Code Execution

Package serialize-javascript

Patched in >=3.1.0

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > copy-webpack-plugin >
serialize-javascript

More info https://npmjs.com/advisories/1548

High Remote Code Execution

Package serialize-javascript

Patched in >=3.1.0

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > terser-webpack-plugin >
serialize-javascript

More info https://npmjs.com/advisories/1548

Low Prototype Pollution

Package yargs-parser

Patched in >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > webpack-cli > yargs >
yargs-parser

More info https://npmjs.com/advisories/1500

High Prototype Pollution

Package object-path

Patched in >=0.11.5

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > resolve-url-loader >
adjust-sourcemap-loader > object-path

More info https://npmjs.com/advisories/1573
