Uploaded image for project: 'Apache Cordova'
  1. Apache Cordova
  2. CB-10590

Known security vulnerabilities in dependencies of current version of express: qs@0.4.x and connect@1.x

    XMLWordPrintableJSON

Details

    Description

      There are known security vulnerabilities in dependencies of current version of express: qs@0.4.x and connect@1.x. See https://nodesecurity.io/advisories/qs_dos_extended_event_loop_blocking and https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting for more detail. Can we bump express so that these vulnerabilities go away?

      Attachments

        Activity

          People

            pmuellr Patrick Mueller
            saclaxton@gmail.com Spencer A Claxton
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: