Skip to content

Please upgrade this vulnerable package #694

New issue
New issue
Closed
Closed
Please upgrade this vulnerable package#694
@PabloJomer

Description

@PabloJomer
PabloJomer
opened on Jul 6, 2021

http-server/package.json

Line 90 in d1b7739

"ecstatic": "^3.3.2",

Dependabot marks this as an issue:

Remediation
Upgrade ecstatic to version 4.1.3 or later. For example:

ecstatic@^4.1.3:
version "4.1.3"
Always verify the validity and compatibility of suggestions with your codebase.

Details
CVE-2019-10775
moderate severity
Vulnerable versions: < 4.1.3
Patched version: 4.1.3
ecstatic have a denial of service vulnerability. Successful exploitation could lead to crash of an application.

For more details see:

GHSA-jc84-3g44-wf2q

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions