同学,您这个项目引入了1382个开源组件,存在23个漏洞,辛苦升级一下

This issue has been tracked since 2022-03-11.

检测到 danilowoz/create-content-loader 一共引入了1382个开源组件,存在23个漏洞

漏洞标题:requests 代码注入漏洞
缺陷组件:[email protected]
漏洞编号:CVE-2020-28502
漏洞描述:Dan DeFelippi node-XMLHttpRequest是  (Dan DeFelippi)开源的一个应用软件。用于模拟浏览器XMLHttpRequest对象。
node-XMLHttpRequest before 1.7.0 存在代码注入漏洞,攻击者可利用该漏洞导致任意代码注入并运行。
影响范围:(∞, 1.6.2)
最小修复版本:1.6.2
缺陷组件引入路径:[email protected]>[email protected]>[email protected]>[email protected]>[email protected]

另外还有23个漏洞,详细报告:https://mofeisec.com/jr?p=icff4e

danilowoz wrote this answer on 2022-03-11

Thanks for letting me know about these issues.
But this kind of issue is spammy as GitHub already provides a way to see vulnerabilities.

More Details About Repo
Owner Name danilowoz
Repo Name create-content-loader
Full Name danilowoz/create-content-loader
Language JavaScript
Created Date 2017-11-15
Updated Date 2022-12-07
Star Count 1131
Watcher Count 11
Fork Count 261
Issue Count 10

YOU MAY BE INTERESTED

Issue Title Created Date Updated Date