Details
- Type: Bug
- Status: Closed
- Priority: Critical
- Resolution: Fixed
Description
Our use of nlf@1.1.0 contains, down the tree, a vulnerable library, minimatch@2.0.10.
(+) 1 vulnerabilities found
┌───────────────┬────────────────────────────────────────────────────────────────────────────┐
│ │ Regular Expression Denial of Service │
├───────────────┼────────────────────────────────────────────────────────────────────────────┤
│ Name │ minimatch │
├───────────────┼────────────────────────────────────────────────────────────────────────────┤
│ Installed │ 2.0.10 │
├───────────────┼────────────────────────────────────────────────────────────────────────────┤
│ Vulnerable │ <=3.0.1 │
├───────────────┼────────────────────────────────────────────────────────────────────────────┤
│ Patched │ >=3.0.2 │
├───────────────┼────────────────────────────────────────────────────────────────────────────┤
│ Path │ cordova-coho@0.0.3 > nlf@1.1.0 > glob@4.5.3 > minimatch@2.0.10 │
├───────────────┼────────────────────────────────────────────────────────────────────────────┤
│ More Info │ https://nodesecurity.io/advisories/118 │
└───────────────┴────────────────────────────────────────────────────────────────────────────┘
Filed for nlf:
https://github.com/iandotkelly/nlf/issues/40
Filed for glob-all (which later versions of nlf use):
https://github.com/jpillora/node-glob-all/issues/12
glob-all uses glob, which patched this 4 days ago in 7.0.5:
https://github.com/isaacs/node-glob/issues/268
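
The report above shows a single path to the vulnerable minimatch, and the fix has to land in each package along that path. As an added example (not part of the original issue or of any project named here), this sketch walks a tree in the shape printed by `npm ls --json` and lists every path ending at minimatch <=3.0.1; the sample tree is constructed from the path in the report, and `example-dep` is a hypothetical second branch.

```javascript
// Compare two plain "x.y.z" versions numerically; returns <0, 0 or >0.
// Pre-release tags and range syntax are out of scope for this sketch.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk a tree shaped like `npm ls --json` output and return every
// dependency path that ends at `name` with a version <= lastVulnerable.
function findVulnerablePaths(node, name, lastVulnerable, trail = []) {
  const here = trail.concat(`${node.name}@${node.version}`);
  const hits = [];
  if (node.name === name && compareVersions(node.version, lastVulnerable) <= 0) {
    hits.push(here.join(' > '));
  }
  for (const [depName, dep] of Object.entries(node.dependencies || {})) {
    const child = { ...dep, name: depName };
    hits.push(...findVulnerablePaths(child, name, lastVulnerable, here));
  }
  return hits;
}

// Constructed sample: only the branch named in the report, plus a
// hypothetical branch that already resolves to a patched minimatch.
const sampleTree = {
  name: 'cordova-coho', version: '0.0.3',
  dependencies: {
    nlf: { version: '1.1.0', dependencies: {
      glob: { version: '4.5.3', dependencies: {
        minimatch: { version: '2.0.10' } } } } },
    'example-dep': { version: '1.0.0', dependencies: {
      minimatch: { version: '3.0.2' } } },
  },
};

// "3.0.1" is the last vulnerable version per the advisory table (<=3.0.1).
function scanSample() {
  return findVulnerablePaths(sampleTree, 'minimatch', '3.0.1');
}

console.log(scanSample());
```

Running the same function after each upstream bump shows whether any path to an unpatched minimatch remains.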