Skip to content
This repository was archived by the owner on Dec 8, 2022. It is now read-only.
This repository was archived by the owner on Dec 8, 2022. It is now read-only.

Code vulnerabilities related to babel-plugin-inline-react-svg #7

Closed
Closed
Code vulnerabilities related to babel-plugin-inline-react-svg#7
Labels
vulnerabilitySecurity issue
@PatchesMaps

Description

@PatchesMaps
PatchesMaps
opened on Jan 31, 2020
                                                                                
                       === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Denial of Service                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ js-yaml                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.13.0                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ babel-plugin-inline-react-svg [dev]                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ babel-plugin-inline-react-svg > svgo > js-yaml               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/788                             │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Code Injection                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ js-yaml                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.13.1                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ babel-plugin-inline-react-svg [dev]                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ babel-plugin-inline-react-svg > svgo > js-yaml               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/813                             │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 2 vulnerabilities (1 moderate, 1 high) in 888865 scanned packages
  2 vulnerabilities require manual review. See the full report for details.

Metadata

Metadata

Assignees

No one assigned

    Labels

    vulnerabilitySecurity issue

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions