This repository has been archived by the owner on Nov 16, 2023. It is now read-only.

Versions of eslint-utils >=1.2.0 or <1.4.1 are vulnerable to Arbitrary Code Execution. #30

Open
sphilee opened this issue Oct 10, 2019 · 0 comments


sphilee commented Oct 10, 2019

USERui-MacBook-Pro:driver-license user$ npm audit --registry=https://registry.npmjs.org

                                                                                
                       === npm audit security report ===                        
                                                                                
# Run  npm update eslint-utils --depth 3  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical      │ Arbitrary Code Execution                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ eslint-utils                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ eslint-config-naver [dev]                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ eslint-config-naver > eslint > eslint-utils                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1118                            │
└───────────────┴──────────────────────────────────────────────────────────────┘


found 1 critical severity vulnerability in 901864 scanned packages
  run `npm audit fix` to fix 1 of them.

https://www.npmjs.com/advisories/1118
https://github.com/naver/eslint-config-naver/blob/master/package-lock.json#L223
