[CB-7736] Vulnerability in qs dependency - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 3.6.0
Fix Version/s: None
Component/s: cordova-cli
Labels:
None

Description

There is a very well documented vulnerability issue in the qs module that comes as a dependency in request in cordova-cli

https://nodesecurity.io/advisories/qs_dos_memory_exhaustion

Here the tree of modules
cordova@3.5.0-0.2.6
┬ cordova-lib@0.21.6
├─┬ npm@1.3.4
│ └─┬ request@2.21.0
│ └── qs@0.6.5
└─┬ request@2.22.0
└── qs@0.6.6

Even though the tree says it is in a Cordova 3.5.0, the same versions are found in 3.6.3

Attachments

Issue Links

is related to

CB-8154 Unable to add new versions of platforms or plugins

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Victor Adrian Sosa Herrera

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 08/Oct/14 16:27

Updated:: 23/Aug/18 06:59

Resolved:: 11/Jan/16 22:56