Critical Vulnerability in getobject (direct dependency) #31
Comments
|
Any plans on addressing this? |
|
fixed in 59a9539 |
|
@vladikoff, thanks for the fix. |
|
@yanivNaor92 yeap it's in the works |
|
@vladikoff also waiting on this... no rush ;) |
|
@vladikoff We are currently facing vulnerability issues due to this dependency and would like to know what is the planned date for releasing the upgraded grunt-legacy-util to the npm registry. It would be of great help if this can be intimated. |
|
@vladikoff even though the fix was merged, the package was not released since with the fixed dependencies. Please, release it. |
|
… On Thu, Apr 22, 2021 at 11:08 AM Jakub Korál ***@***.***> wrote:
@vladikoff <https://github.com/vladikoff> even though the fix was merged,
the package was not released since with the fixed dependencies. Please,
release it.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#31 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAA7N4YOW6GSBEKTXOFHPXLTKA3YFANCNFSM4WOIATXQ>
.
|
|
@vladikoff thank you for making the release available. Appreciate the quick response. |
|
@vladikoff Big thanks. One less CVE in the sky |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There is a critical (CVSS 9.8) vulnerability in getobject version 0.1.0, with no patched version available. See https://nvd.nist.gov/vuln/detail/CVE-2020-28282
The text was updated successfully, but these errors were encountered: