auditjs vulnerability warning #1

新增問題

Ghost · 2018-12-29T13:55:31Z

Ghost 已留言

2018-12-29 13:55:31 +00:00

Hello,

I use auditjs (https://www.npmjs.com/package/auditjs) in my CI build scripts.
This generates a vulnerability report for the package dependencies my project uses.
When the audit command is executed, it reports a warning.
My question is if btoa could be updated so that this audit warning could be eliminated.

Here is the output of auditjs:

------------------------------------------------------------
[565/1242] btoa 1.2.1  [VULNERABLE]   1 known vulnerabilities affecting installed version

CWE-125: Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

ID: e391a58d-4a81-448b-8ffc-e19016807d73
Details: https://ossindex.sonatype.org/vuln/e391a58d-4a81-448b-8ffc-e19016807d73
Dependency path: /extract-loader/btoa
------------------------------------------------------------

Hello, I use auditjs (https://www.npmjs.com/package/auditjs) in my CI build scripts. This generates a vulnerability report for the package dependencies my project uses. When the audit command is executed, it reports a warning. My question is if btoa could be updated so that this audit warning could be eliminated. Here is the output of auditjs: ``` ------------------------------------------------------------ [565/1242] btoa 1.2.1 [VULNERABLE] 1 known vulnerabilities affecting installed version CWE-125: Out-of-bounds Read The software reads data past the end, or before the beginning, of the intended buffer. ID: e391a58d-4a81-448b-8ffc-e19016807d73 Details: https://ossindex.sonatype.org/vuln/e391a58d-4a81-448b-8ffc-e19016807d73 Dependency path: /extract-loader/btoa ------------------------------------------------------------ ```

登入才能加入這對話。

未選擇標籤

未選擇里程碑

沒有負責人

1 參與者

通知

截止日期

截止日期無效或超出範圍，請使用「yyyy-mm-dd」的格式。

未設定截止日期。

先決條件

未設定先決條件。

參考: coolaj86/btoa.js#1