Questions tagged [npm-vulnerabilities]
The npm-vulnerabilities tag has no usage guidance.
57 questions
0 votes · 1 answer · 26 views
Vulnerabilities when creating a React app, how to fix it?
Each time I create a React app I get:
8 vulnerabilities (2 moderate, 6 high)
I tried to fix it with npm audit fix, but it didn't change anything. I tried to fix it with npm audit fix --force, but it ...
-3 votes · 0 answers · 135 views
How to fix CVE-2024-5535 for Dockerfile using node:22.1.0?
We found that there is a security vulnerability in the Dockerfile we are using.
The security vulnerability scan detected the following:
| CVE-2024-5535 | critical | 0.00 | openssl | 3.0.13-1~deb12u1 | ...
-2 votes · 0 answers · 31 views
Help needed with npm audit vulnerabilities
I’m facing some issues with vulnerabilities in my project and would appreciate your help in resolving them. Here is the npm audit report:
dicer *
Severity: high
Crash in HeaderParser in dicer - https:...
1 vote · 0 answers · 548 views
ip SSRF improper categorization in isPublic - IP node package vulnerability
I found the "ip SSRF improper categorization in isPublic" vulnerability.
When I tried npm audit to get a vulnerability report, I found the below vulnerability related to the ip package:
`ip *
Severity: high
ip ...
2 votes · 1 answer · 205 views
How to solve the web3modal vulnerability problem?
First I ran npx create-next-app@latest, then npm install @web3modal/wagmi wagmi viem @tanstack. As a result, this error appears. What could be the ways to solve this?
npm WARN ERESOLVE overriding ...
0 votes · 1 answer · 252 views
Axios vulnerability detected when installing @nuxtjs/auth-next
I have a Nuxt project and I was trying to install nuxt auth, but every time I install this package, this Axios Cross-Site Request Forgery Vulnerability appears. This is my package.json file:
{
&...
2 votes · 1 answer · 421 views
Vulnerability support for outdated Angular versions
A critical vulnerability (CVE-2024-21490) was identified in Angular 14, which is currently not supported under the Long-Term Support (LTS) policy, but later got a confirmation from the CAST team that it ...
0 votes · 0 answers · 101 views
Update to Dojo 1.17.3
I just updated Dojo to fix some vulnerability issues found by our security scan. This scan is set up by my company on the GitHub repository. When I updated from 1.10 to 1.17.3, I was able to close ...
0 votes · 2 answers · 1k views
Should I sanitize response data before sending it to the client?
I'm using the express-xss-sanitizer package to sanitize incoming requests in my Node.js Express application. However, I'm still seeing issues reported by Checkmarx regarding potential XSS attacks. I'm ...
0 votes · 0 answers · 48 views
On what basis does GitHub Advisory filter vulnerabilities for different package managers?
I am trying to comprehend how GitHub Advisory filters vulnerabilities, particularly in the context of Bootstrap 3.3.7. In the National Vulnerability Database (NVD), the following vulnerabilities are ...
0 votes · 0 answers · 819 views
How to solve the vulnerabilities in React while updating dependencies?
Even after using npm audit fix --force I am getting vulnerabilities and I am not able to remove them.
I need to update the dependencies for installing tailwindcss.
Here are some of them:
nth-check &...
0 votes · 0 answers · 77 views
Upgrade yarn packages to avoid vulnerabilities in Docker image
I have a node dependency tree that looks like this:
$:app user1$ npm ls d3-color
[email protected] /Users/user1/workspace/fe/app
├─┬ @ant-design/[email protected]
│ └─┬ @ant-design/[email protected]
│ └─┬ @antv/l7plot@...
1 vote · 0 answers · 1k views
Angular vulnerability [email protected] deduped
I'm having problems with the [email protected] deduped lib; it is a child of some Angular core libs, and I need to mitigate this vulnerability. At the moment I don't have time to migrate to Angular 16, ...
0 votes · 0 answers · 82 views
Update jsrsasign from 0.0.3 to 10.8.6
I need assistance with the procedure to update the jsrsasign npm library under the jws-jwk tree.
It currently gives me the following tree when using npm ls jsrsasign:
[email protected]
└── [email protected]
I ...
0 votes · 0 answers · 163 views
Remove Improper Input Validation vulnerability from 'xmldom'
My project has a new Improper Input Validation vulnerability found by Snyk. The problematic library is 'xmldom' version 0.1.19. Looking into the dependency tree, 'xmldom' is required by 'xml-crypto', ...