Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Issue: npm audit error. Root dependencies for serialize-javascript Severity: High #9115

Closed
vikramdadwal opened this issue Jun 5, 2020 · 3 comments
Closed

Security Issue: npm audit error. Root dependencies for serialize-javascript Severity: High #9115

vikramdadwal opened this issue Jun 5, 2020 · 3 comments
Labels
issue: bug report needs triage stale

Comments

@vikramdadwal
Copy link

vikramdadwal commented Jun 5, 2020
edited
Loading

npm audit is reporting a high security vulnerable issue:

image

Description
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".

Did you try recovering your dependencies?

Which terms did you search for in User Guide?

Environment

Expected behavior

No npm audit high issue

Actual behavior

npm audit showing high issue

Reproducible demo

(Paste the link to an example project and exact instructions to reproduce the issue.)
@vikramdadwal vikramdadwal changed the title npm audit error. Root dependencies for serialize-javascript Severity: High Security Issue: npm audit error. Root dependencies for serialize-javascript Severity: High Jun 5, 2020
@olliecurtis
Copy link

I think this is related to this issue: #9108 as it is resolved through terser-webpack-plugin 😄

@dtesta dtesta mentioned this issue Jun 23, 2020
Closed
@stale
Copy link

stale bot commented Jul 11, 2020

This issue has been automatically marked as stale because it has not had any recent activity. It will be closed in 5 days if no further activity occurs.

@stale stale bot added the stale label Jul 11, 2020
@stale
Copy link

stale bot commented Jul 18, 2020

This issue has been automatically closed because it has not had any recent activity. If you have a question or comment, please open a new issue.

@stale stale bot closed this as completed Jul 18, 2020
@admmasters admmasters mentioned this issue Nov 28, 2023
Open
@joseroubert08 joseroubert08 mentioned this issue Nov 29, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
issue: bug report needs triage stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@olliecurtis @vikramdadwal