Security vulnerabilities found in gitbook-cli 2.3.2 #87

Open
jennyhliu opened this issue Sep 5, 2018 · 4 comments

Comments

@jennyhliu

jennyhliu commented Sep 5, 2018

Our application uses gitbook-cli 2.3.2; the following security vulnerabilities are reported by npm audit. The npm version used is 6.4.1.

=== npm audit security report ===

│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > node-gyp > request > hawk > boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > node-gyp > request > hawk > cryptiles > │
│ │ boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > node-gyp > request > hawk > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > node-gyp > request > hawk > sntp > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > npm-registry-client > request > hawk > │
│ │ boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > npm-registry-client > request > hawk > │
│ │ cryptiles > boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > npm-registry-client > request > hawk > │
│ │ hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > npm-registry-client > request > hawk > │
│ │ sntp > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > request > hawk > boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > request > hawk > cryptiles > boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > request > hawk > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > request > hawk > sntp > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > request > hawk > boom │
│ │ > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > request > hawk > │
│ │ cryptiles > boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > request > hawk > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > request > hawk > sntp │
│ │ > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > npm-registry-client > request > │
│ │ hawk > boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > npm-registry-client > request > │
│ │ hawk > cryptiles > boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > npm-registry-client > request > │
│ │ hawk > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > npm-registry-client > request > │
│ │ hawk > sntp > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > request > hawk > boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > request > hawk > cryptiles > boom │
│ │ > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > request > hawk > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > request > hawk > sntp > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > fs-vacuum > rimraf > glob > │
│ │ minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > fstream > rimraf > glob > │
│ │ minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > fstream-npm > fstream-ignore > │
│ │ fstream > rimraf > glob > minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > fstream-npm > fstream-ignore > │
│ │ minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > glob > minimatch > │
│ │ brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > init-package-json > glob > │
│ │ minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > init-package-json > │
│ │ read-package-json > glob > minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > fstream > rimraf > │
│ │ glob > minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > glob > minimatch > │
│ │ brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > minimatch > │
│ │ brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > rimraf > glob > │
│ │ minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > tar > fstream > rimraf │
│ │ > glob > minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > read-installed > │
│ │ read-package-json > glob > minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > read-package-json > glob > │
│ │ minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > rimraf > glob > minimatch > │
│ │ brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > tar > fstream > rimraf > glob > │
│ │ minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ High │ Regular Expression Denial of Service │
│ Package │ sshpk │
│ Patched in │ >=1.14.1 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > node-gyp > request > http-signature > │
│ │ sshpk │
│ More info │ https://nodesecurity.io/advisories/606
│ High │ Regular Expression Denial of Service │
│ Package │ sshpk │
│ Patched in │ >=1.14.1 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > npm-registry-client > request > │
│ │ http-signature > sshpk │
│ More info │ https://nodesecurity.io/advisories/606
│ High │ Regular Expression Denial of Service │
│ Package │ sshpk │
│ Patched in │ >=1.14.1 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > request > http-signature > sshpk │
│ More info │ https://nodesecurity.io/advisories/606
│ High │ Regular Expression Denial of Service │
│ Package │ sshpk │
│ Patched in │ >=1.14.1 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > request > │
│ │ http-signature > sshpk │
│ More info │ https://nodesecurity.io/advisories/606
│ High │ Regular Expression Denial of Service │
│ Package │ sshpk │
│ Patched in │ >=1.14.1 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > npm-registry-client > request > │
│ │ http-signature > sshpk │
│ More info │ https://nodesecurity.io/advisories/606
│ High │ Regular Expression Denial of Service │
│ Package │ sshpk │
│ Patched in │ >=1.14.1 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > request > http-signature > sshpk │
│ More info │ https://nodesecurity.io/advisories/606
│ High │ Regular Expression Denial of Service │
│ Package │ tough-cookie │
│ Patched in │ >=2.3.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > node-gyp > request > tough-cookie │
│ More info │ https://nodesecurity.io/advisories/525
│ High │ Regular Expression Denial of Service │
│ Package │ tough-cookie │
│ Patched in │ >=2.3.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > npm-registry-client > request > │
│ │ tough-cookie │
│ More info │ https://nodesecurity.io/advisories/525
│ High │ Regular Expression Denial of Service │
│ Package │ tough-cookie │
│ Patched in │ >=2.3.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > request > tough-cookie │
│ More info │ https://nodesecurity.io/advisories/525
│ High │ Regular Expression Denial of Service │
│ Package │ tough-cookie │
│ Patched in │ >=2.3.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > request > tough-cookie │
│ More info │ https://nodesecurity.io/advisories/525
│ High │ Regular Expression Denial of Service │
│ Package │ tough-cookie │
│ Patched in │ >=2.3.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > npm-registry-client > request > │
│ │ tough-cookie │
│ More info │ https://nodesecurity.io/advisories/525
│ High │ Regular Expression Denial of Service │
│ Package │ tough-cookie │
│ Patched in │ >=2.3.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > request > tough-cookie │
│ More info │ https://nodesecurity.io/advisories/525
│ Moderate │ Regular Expression Denial of Service │
│ Package │ ssri │
│ Patched in │ >=5.2.2 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > cacache > ssri │
│ More info │ https://nodesecurity.io/advisories/565
│ Moderate │ Regular Expression Denial of Service │
│ Package │ ssri │
│ Patched in │ >=5.2.2 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > npm-registry-client > ssri │
│ More info │ https://nodesecurity.io/advisories/565
│ Moderate │ Regular Expression Denial of Service │
│ Package │ ssri │
│ Patched in │ >=5.2.2 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > pacote > cacache > ssri │
│ More info │ https://nodesecurity.io/advisories/565
│ Moderate │ Regular Expression Denial of Service │
│ Package │ ssri │
│ Patched in │ >=5.2.2 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > pacote > make-fetch-happen > cacache > │
│ │ ssri │
│ More info │ https://nodesecurity.io/advisories/565
│ Moderate │ Regular Expression Denial of Service │
│ Package │ ssri │
│ Patched in │ >=5.2.2 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > pacote > make-fetch-happen > ssri │
│ More info │ https://nodesecurity.io/advisories/565
│ Moderate │ Regular Expression Denial of Service │
│ Package │ ssri │
│ Patched in │ >=5.2.2 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > pacote > ssri │
│ More info │ https://nodesecurity.io/advisories/565
│ Moderate │ Regular Expression Denial of Service │
│ Package │ ssri │
│ Patched in │ >=5.2.2 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > ssri │
│ More info │ https://nodesecurity.io/advisories/565
│ Moderate │ Out-of-bounds Read │
│ Package │ stringstream │
│ Patched in │ >=0.0.6 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > node-gyp > request > stringstream │
│ More info │ https://nodesecurity.io/advisories/664
│ Moderate │ Out-of-bounds Read │
│ Package │ stringstream │
│ Patched in │ >=0.0.6 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > npm-registry-client > request > │
│ │ stringstream │
│ More info │ https://nodesecurity.io/advisories/664
│ Moderate │ Out-of-bounds Read │
│ Package │ stringstream │
│ Patched in │ >=0.0.6 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > request > stringstream │
│ More info │ https://nodesecurity.io/advisories/664
│ Moderate │ Out-of-bounds Read │
│ Package │ stringstream │
│ Patched in │ >=0.0.6 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > request > stringstream │
│ More info │ https://nodesecurity.io/advisories/664
│ Moderate │ Out-of-bounds Read │
│ Package │ stringstream │
│ Patched in │ >=0.0.6 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > npm-registry-client > request > │
│ │ stringstream │
│ More info │ https://nodesecurity.io/advisories/664
│ Moderate │ Out-of-bounds Read │
│ Package │ stringstream │
│ Patched in │ >=0.0.6 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > request > stringstream │
│ More info │ https://nodesecurity.io/advisories/664
│ Moderate │ Memory Exposure │
│ Package │ tunnel-agent │
│ Patched in │ >=0.6.0 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > request > tunnel-agent │
│ More info │ https://nodesecurity.io/advisories/598
│ Moderate │ Memory Exposure │
│ Package │ tunnel-agent │
│ Patched in │ >=0.6.0 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > npm-registry-client > request > │
│ │ tunnel-agent │
│ More info │ https://nodesecurity.io/advisories/598
│ Moderate │ Memory Exposure │
│ Package │ tunnel-agent │
│ Patched in │ >=0.6.0 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > request > tunnel-agent │
│ More info │ https://nodesecurity.io/advisories/598
│ High │ Denial of Service │
│ Package │ https-proxy-agent │
│ Patched in │ >=2.2.0 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > pacote > make-fetch-happen > │
│ │ https-proxy-agent │
│ More info │ https://nodesecurity.io/advisories/593
│ High │ Denial of Service │
│ Package │ http-proxy-agent │
│ Patched in │ >=2.1.0 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > pacote > make-fetch-happen > │
│ │ http-proxy-agent │
│ More info │ https://nodesecurity.io/advisories/607
│ Low │ Regular Expression Denial of Service │
│ Package │ debug │
│ Patched in │ >= 2.6.9 < 3.0.0 || >= 3.1.0 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > pacote > make-fetch-happen > │
│ │ http-proxy-agent > debug │
│ More info │ https://nodesecurity.io/advisories/534
│ Low │ Regular Expression Denial of Service │
│ Package │ debug │
│ Patched in │ >= 2.6.9 < 3.0.0 || >= 3.1.0 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > pacote > make-fetch-happen > │
│ │ https-proxy-agent > debug │
│ More info │ https://nodesecurity.io/advisories/534
│ Low │ Prototype Pollution │
│ Package │ deep-extend │
│ Patched in │ >=0.5.1 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > update-notifier > latest-version > │
│ │ package-json > registry-auth-token > rc > deep-extend │
│ More info │ https://nodesecurity.io/advisories/612
│ Low │ Prototype Pollution │
│ Package │ deep-extend │
│ Patched in │ >=0.5.1 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > update-notifier > latest-version > │
│ │ package-json > registry-url > rc > deep-extend │
│ More info │ https://nodesecurity.io/advisories/612
│ Low │ Prototype Pollution │
│ Package │ lodash │
│ Patched in │ >=4.17.5 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > lodash │
│ More info │ https://nodesecurity.io/advisories/577
found 76 vulnerabilities (5 low, 57 moderate, 14 high) in 9050 scanned packages
76 vulnerabilities require manual review. See the full report for details.
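Added example, not part of the issue thread and not code from gitbook-cli or npm: the report above repeats one advisory once per dependency path, so the headline count of 76 overstates the remediation work. This Node script parses the npm 6 text layout shown above and collapses the rows into distinct advisories, keeping the worst severity seen, the number of paths, the direct dependency each one arrives through, and whether every path is flagged [dev]. SAMPLE_REPORT is a constructed excerpt of the report in that layout; for automation you would parse `npm audit --json` rather than this human-readable table, whose wrapping and column layout are specific to npm 6.

```javascript
// Added example (not gitbook-cli or npm code): collapse the per-path rows of an
// npm 6 `npm audit` text report into the distinct advisories that need fixing.
// SAMPLE_REPORT is a constructed excerpt in the same layout as the report above.
const SAMPLE_REPORT = `
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > node-gyp > request > hawk > boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > node-gyp > request > hawk > cryptiles > │
│ │ boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ High │ Regular Expression Denial of Service │
│ Package │ sshpk │
│ Patched in │ >=1.14.1 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > request > http-signature > sshpk │
│ More info │ https://nodesecurity.io/advisories/606
│ Low │ Prototype Pollution │
│ Package │ lodash │
│ Patched in │ >=4.17.5 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > lodash │
│ More info │ https://nodesecurity.io/advisories/577
found 4 vulnerabilities (1 low, 2 moderate, 1 high) in 9050 scanned packages
`;

const SEVERITIES = ['low', 'moderate', 'high', 'critical']; // ascending order
const FIELD_BY_LABEL = {
  'Package': 'package',
  'Patched in': 'patchedIn',
  'Dependency of': 'dependencyOf',
  'Path': 'path',
  'More info': 'moreInfo',
};
const rank = (severity) => SEVERITIES.indexOf(String(severity).toLowerCase());

// One finding per severity row. The report emits the same advisory once per
// dependency path, so the row count is not the number of things to fix.
function parseAuditReport(text) {
  const findings = [];
  let current = null;
  let lastField = null;
  for (const raw of text.split('\n')) {
    if (!raw.includes('│')) continue; // summary line, blank line, headings
    const cells = raw.split('│').map((c) => c.trim());
    const label = cells[1] || '';
    const value = cells[2] || '';
    if (rank(label) >= 0) {
      current = { severity: label, title: value, package: '', patchedIn: '',
                  dependencyOf: '', path: '', moreInfo: '' };
      findings.push(current);
      lastField = 'title';
      continue;
    }
    if (!current) continue; // header block before the first finding
    if (label === '') {
      // Wrapped continuation row: empty label cell, remainder of the previous value.
      if (lastField && value) current[lastField] += ' ' + value;
      continue;
    }
    const field = FIELD_BY_LABEL[label];
    if (field) { current[field] = value; lastField = field; }
  }
  return findings;
}

// Group by advisory URL: worst severity seen, number of paths, the direct
// dependency below the project root on each path, and whether all paths are [dev].
function summarize(findings) {
  const byAdvisory = new Map();
  for (const f of findings) {
    const key = f.moreInfo || `${f.package}: ${f.title}`;
    let entry = byAdvisory.get(key);
    if (!entry) {
      entry = { advisory: key, package: f.package, title: f.title, severity: f.severity,
                patchedIn: f.patchedIn, paths: 0, via: [], devOnly: true };
      byAdvisory.set(key, entry);
    }
    entry.paths += 1;
    if (rank(f.severity) > rank(entry.severity)) entry.severity = f.severity;
    if (!/\[dev\]$/.test(f.dependencyOf)) entry.devOnly = false;
    const hops = f.path.split('>').map((h) => h.trim());
    const direct = hops[1] || hops[0]; // first hop below the project root
    if (direct && !entry.via.includes(direct)) entry.via.push(direct);
  }
  return [...byAdvisory.values()]
    .sort((a, b) => rank(b.severity) - rank(a.severity) || a.package.localeCompare(b.package));
}

function formatSummary(entries) {
  return entries.map((e) =>
    `${e.severity.padEnd(8)} ${e.package.padEnd(14)} ${String(e.paths).padStart(3)} path(s) via ${e.via.join(', ')}` +
    `  ${e.devOnly ? '[dev only]' : '[runtime]'}  patched in: ${e.patchedIn}  ${e.advisory}`).join('\n');
}

console.log(formatSummary(summarize(parseAuditReport(SAMPLE_REPORT))));
```

Applied to the full report in this issue, the 76 rows collapse to 12 advisories, every one of them flagged [dev], and all but lodash reached through the bundled npm / npmi dependency, which is the practical triage question: whether a build-time tool's transitive dependencies are exposed to untrusted input at all.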

@edm00se

edm00se commented Sep 29, 2018

I can confirm these security vulnerabilities with any npm version that performs the npm audit task with the latest version of gitbook-cli, 2.3.2.

I recorded an asciicast of:

  • git clone ...
  • npm install (which performs an audit)

[asciicast thumbnail]

The thumbnail currently appears broken, here's the direct link:
https://asciinema.org/a/203750

@palmerabollo

There are some PRs #83 #86 #88 that might help, but gitbook-cli seems to have been abandoned since 2017... @AaronO could you please confirm whether this project is still under active development and accepting contributions?

@jraff

jraff commented Mar 19, 2019

@AaronO Is there any update on this? Has gitbook-cli been abandoned?

@DamienOReilly

Is this project abandoned @AaronO ?

5 participants