coolaj86
/
btoa.js
1
0
Fork 0
Code Issues 4 Pull Requests 1 Releases Wiki Activity

auditjs vulnerability warning #1

New Issue
Open
opened 2018-12-29 13:55:31 +00:00 by Ghost · 0 comments
Ghost commented 2018-12-29 13:55:31 +00:00
Copy Link

Hello,

I use auditjs (https://www.npmjs.com/package/auditjs) in my CI build scripts.
This generates a vulnerability report for the package dependencies my project uses.
When the audit command is executed, it reports a warning.
My question is if btoa could be updated so that this audit warning could be eliminated.

Here is the output of auditjs:

------------------------------------------------------------
[565/1242] btoa 1.2.1  [VULNERABLE]   1 known vulnerabilities affecting installed version

CWE-125: Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

ID: e391a58d-4a81-448b-8ffc-e19016807d73
Details: https://ossindex.sonatype.org/vuln/e391a58d-4a81-448b-8ffc-e19016807d73
Dependency path: /extract-loader/btoa
------------------------------------------------------------
Hello, I use auditjs (https://www.npmjs.com/package/auditjs) in my CI build scripts. This generates a vulnerability report for the package dependencies my project uses. When the audit command is executed, it reports a warning. My question is if btoa could be updated so that this audit warning could be eliminated. Here is the output of auditjs: ``` ------------------------------------------------------------ [565/1242] btoa 1.2.1 [VULNERABLE] 1 known vulnerabilities affecting installed version CWE-125: Out-of-bounds Read The software reads data past the end, or before the beginning, of the intended buffer. ID: e391a58d-4a81-448b-8ffc-e19016807d73 Details: https://ossindex.sonatype.org/vuln/e391a58d-4a81-448b-8ffc-e19016807d73 Dependency path: /extract-loader/btoa ------------------------------------------------------------ ```
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
v1.2.1
v1.2.0
v1.1.2
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: coolaj86/btoa.js#1
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?