auditjs vulnerability warning #1

Abierta
abierta 2018-12-29 13:55:31 +00:00 por Ghost · 0 comentarios

Hello,

I use auditjs (https://www.npmjs.com/package/auditjs) in my CI build scripts.
This generates a vulnerability report for the package dependencies my project uses.
When the audit command is executed, it reports a warning.
My question is if btoa could be updated so that this audit warning could be eliminated.

Here is the output of auditjs:

------------------------------------------------------------
[565/1242] btoa 1.2.1  [VULNERABLE]   1 known vulnerabilities affecting installed version

CWE-125: Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

ID: e391a58d-4a81-448b-8ffc-e19016807d73
Details: https://ossindex.sonatype.org/vuln/e391a58d-4a81-448b-8ffc-e19016807d73
Dependency path: /extract-loader/btoa
------------------------------------------------------------
Hello, I use auditjs (https://www.npmjs.com/package/auditjs) in my CI build scripts. This generates a vulnerability report for the package dependencies my project uses. When the audit command is executed, it reports a warning. My question is if btoa could be updated so that this audit warning could be eliminated. Here is the output of auditjs: ``` ------------------------------------------------------------ [565/1242] btoa 1.2.1 [VULNERABLE] 1 known vulnerabilities affecting installed version CWE-125: Out-of-bounds Read The software reads data past the end, or before the beginning, of the intended buffer. ID: e391a58d-4a81-448b-8ffc-e19016807d73 Details: https://ossindex.sonatype.org/vuln/e391a58d-4a81-448b-8ffc-e19016807d73 Dependency path: /extract-loader/btoa ------------------------------------------------------------ ```
Inicie sesión para unirse a esta conversación.
Sin etiquetas
Sin Milestone
No asignados
1 participantes
Notificaciones
Fecha de vencimiento
La fecha de vencimiento es inválida o está fuera de rango. Por favor utilice el formato 'aaaa-mm-dd'.

Sin fecha de vencimiento.

Dependencias

No se han establecido dependencias.

Referencia: coolaj86/btoa.js#1
No se ha proporcionado una descripción.