This repository has been archived by the owner on May 4, 2022. It is now read-only.

同学，您这个项目引入了101个开源组件，存在14个漏洞，辛苦升级一下 #4

Open

dependasec bot opened this issue Mar 14, 2022 · 0 comments

dependasec bot commented Mar 14, 2022

检测到 jwanner83/Notifyer 一共引入了101个开源组件，存在14个漏洞

漏洞标题：requests 代码注入漏洞
缺陷组件：xmlhttprequest-ssl@1.5.3
漏洞编号：CVE-2020-28502
漏洞描述：Dan DeFelippi node-XMLHttpRequest是  （Dan DeFelippi）开源的一个应用软件。用于模拟浏览器XMLHttpRequest对象。
node-XMLHttpRequest before 1.7.0 存在代码注入漏洞，攻击者可利用该漏洞导致任意代码注入并运行。
影响范围：(∞, 1.6.2)
最小修复版本：1.6.2
缺陷组件引入路径：socket-chat-example@0.0.1->socket.io@1.7.4->socket.io-client@1.7.4->engine.io-client@1.8.5->xmlhttprequest-ssl@1.5.3

另外还有14个漏洞，详细报告：https://mofeisec.com/jr?p=i59681

The text was updated successfully, but these errors were encountered:

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.