found 9 high severity vulnerabilities: decompress #391

Open
badfeather opened this issue Mar 1, 2020 · 3 comments

@badfeather

More info

It looks like decompress hasn't been updated since 2017. I found this alternative in another thread.

@Therealskythe

Any comments on this...?

@rvalitov

rvalitov commented Apr 9, 2020

I get the following audit report with 6 vulnerabilities:

```
=== npm audit security report ===

# Run  npm update decompress --depth 6  to resolve 6 vulnerabilities

  High            Arbitrary File Write
  Package         decompress
  Dependency of   grunt-contrib-imagemin [dev]
  Path            grunt-contrib-imagemin > imagemin-jpegtran > jpegtran-bin >
                  bin-build > decompress
  More info       https://npmjs.com/advisories/1217

  High            Arbitrary File Write
  Package         decompress
  Dependency of   imagemin-jpegtran [dev]
  Path            imagemin-jpegtran > jpegtran-bin > bin-build > decompress
  More info       https://npmjs.com/advisories/1217

  High            Arbitrary File Write
  Package         decompress
  Dependency of   grunt-contrib-imagemin [dev]
  Path            grunt-contrib-imagemin > imagemin-jpegtran > jpegtran-bin >
                  bin-build > download > decompress
  More info       https://npmjs.com/advisories/1217

  High            Arbitrary File Write
  Package         decompress
  Dependency of   imagemin-jpegtran [dev]
  Path            imagemin-jpegtran > jpegtran-bin > bin-build > download >
                  decompress
  More info       https://npmjs.com/advisories/1217

  High            Arbitrary File Write
  Package         decompress
  Dependency of   grunt-contrib-imagemin [dev]
  Path            grunt-contrib-imagemin > imagemin-jpegtran > jpegtran-bin >
                  bin-wrapper > download > decompress
  More info       https://npmjs.com/advisories/1217

  High            Arbitrary File Write
  Package         decompress
  Dependency of   imagemin-jpegtran [dev]
  Path            imagemin-jpegtran > jpegtran-bin > bin-wrapper > download >
                  decompress
  More info       https://npmjs.com/advisories/1217
```

@noahcooper

Any news on this?
