sails@1.5.8 captains-log dependency introduces ReDoS Vulnerability #7315
Comments
@kconut Thanks for posting! We'll take a look as soon as possible. In the meantime, there are a few ways you can help speed things along:
Please remember: never post in a public forum if you believe you've found a genuine security vulnerability. Instead, disclose it responsibly. For help with questions about Sails, click here.
Hey @kconut thanks for reporting, we will have a look into resolving this. :)
Hi @kconut, for some reason, this vulnerability is not showing up in
Hi @eashaw, thank you for looking into this! We have Snyk integrated into our pipeline for static code analysis and dependency scanning, and the vulnerability on ansi-regex only started showing up in our scans roughly 3 weeks ago. Additional information from the generated report file:
Also providing here the attached references regarding the finding:
@kconut Publishing patches now!
Node version: 16
Sails version (sails): 1.5.8
We're encountering the following security finding for our sails application:
Is there any plan to update the chalk version for captains-log?