This repository has been archived by the owner on Apr 3, 2024. It is now read-only.

[BUG] Critical vulnerability due to [email protected] dependency #454

Open
sunita1112 opened this issue Dec 16, 2021 · 0 comments

@sunita1112

What / Why

We are using @npmcorp/[email protected] in our project, and we see there is a critical vulnerability exposed by the dependency [email protected].

We are using the Snyk tool to identify vulnerabilities. Here is the Snyk report:

✗ Arbitrary Code Execution [Critical Severity][https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-585892] in [email protected]
  introduced by @npmcorp/[email protected] > [email protected]
This issue was fixed in versions: 2.0.0-beta

✗ Validation Bypass [Medium Severity][https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070780] in [email protected]
  introduced by @npmcorp/[email protected] > [email protected]
This issue was fixed in versions: 2.3.2

✗ Access Restriction Bypass [Medium Severity][https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070786] in [email protected]
  introduced by @npmcorp/[email protected] > [email protected]
This issue was fixed in versions: 2.3.1

Can you please look into it and upgrade the sanitize-html dependency?
Thanks
