From a2ec84ddb14e7f8c8274d0dc2642ab8f6beb8e14 Mon Sep 17 00:00:00 2001 From: Liran Tal Date: Sun, 14 Feb 2021 08:50:49 +0200 Subject: [PATCH] docs: mongoose disclaimer about the specific Node.js version required --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index be801b107f..00a0af2dc1 100644 --- a/README.md +++ b/README.md @@ -45,7 +45,7 @@ npm run cleanup This app uses npm dependencies holding known vulnerabilities. Here are the exploitable vulnerable packages: -- [Mongoose - Buffer Memory Exposure](https://snyk.io/vuln/npm:mongoose:20160116) +- [Mongoose - Buffer Memory Exposure](https://snyk.io/vuln/npm:mongoose:20160116) - requires a version <= Node.js 8. For the exploit demo purposes, one can update the Dockerfile `node` base image to use `FROM node:6-stretch`. - [st - Directory Traversal](https://snyk.io/vuln/npm:st:20140206) - [ms - ReDoS](https://snyk.io/vuln/npm:ms:20151024) - [marked - XSS](https://snyk.io/vuln/npm:marked:20150520)
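Review bot: The version bound in the added Mongoose line, "requires a version <= Node.js 8", is ambiguous and does not line up with the image the same sentence recommends, `FROM node:6-stretch`. As written it reads as including Node.js 8, yet the suggested base image is Node 6, so a reader cannot tell whether Node 8 was verified to reproduce the Buffer Memory Exposure or only Node 6. State the bound that was actually tested, in the usual order (for example "requires Node.js <= 8" or "requires Node.js 6"). The other three entries in the list are bare links, so the new sentence would read better as an indented sub-item or a short note under the list than appended to the link after a hyphen. Also tighten "For the exploit demo purposes" to "For exploit demo purposes", and since the line asks readers to edit the Dockerfile to an older `node` base image, say that this change is for the local demo only and should be reverted afterwards.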