Skip to content

Commit

Permalink
docs: mongoose disclaimer about the specific Node.js version required
Browse files Browse the repository at this point in the history
  • Loading branch information
@lirantal
lirantal committed Feb 14, 2021
1 parent 9300e9a commit a2ec84d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ npm run cleanup
This app uses npm dependencies holding known vulnerabilities.

Here are the exploitable vulnerable packages:
- [Mongoose - Buffer Memory Exposure](https://snyk.io/vuln/npm:mongoose:20160116)
- [Mongoose - Buffer Memory Exposure](https://snyk.io/vuln/npm:mongoose:20160116) - requires a version <= Node.js 8. For the exploit demo purposes, one can update the Dockerfile `node` base image to use `FROM node:6-stretch`.
- [st - Directory Traversal](https://snyk.io/vuln/npm:st:20140206)
- [ms - ReDoS](https://snyk.io/vuln/npm:ms:20151024)
- [marked - XSS](https://snyk.io/vuln/npm:marked:20150520)
Expand Down

0 comments on commit a2ec84d

Please sign in to comment.