Our most recent sourceclear scan (https://www.sourceclear.com/) has revealed a vulnerability in the forwarded library which can cause regular expression denial of service (ReDoS). A flaw when the x-forwarded-for header is parsed causes the event loop to be blocked. To mitigate this, we need to bump forwarded to 0.1.2.
@tancnle thanks for checking in. I'd recommend you check out nsp versus sourceclear. NSP is picking up 11 similar vulnerabilities. However, it's important to note that webpack-dev-server is only meant to be run locally, and temporarily for the purpose of debugging. Unless you're planning on attacking your own machine, you're not in much danger from the current list.
@shellscape Fair point. With that in mind, this is more or less dependency bumps to keep things up to date. I guess we can close it in favour of a larger update later on.
Dependency tree for express, before and after: