Skip to content

Update dependencies are there are two vulnerabilities #5

Open
Open
Update dependencies are there are two vulnerabilities#5
@tishihtzu

Description

@tishihtzu
tishihtzu
opened on Nov 6, 2024

Note there are 2 vulnerabilities in this code...

starter % npm audit
# npm audit report

rollup  4.0.0 - 4.22.3
Severity: high
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS - https://github.com/advisories/GHSA-gcx4-mw62-g8wm
fix available via `npm audit fix`
node_modules/rollup

vite  5.2.0 - 5.2.13
Severity: moderate
Vite's `server.fs.deny` is bypassed when using `?import&raw` - https://github.com/advisories/GHSA-9cwx-2883-4wfx
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS - https://github.com/advisories/GHSA-64vr-g452-qvp3
fix available via `npm audit fix`
node_modules/vite

2 vulnerabilities (1 moderate, 1 high)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions