New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

同学，您这个项目引入了372个开源组件，存在8个漏洞，辛苦升级一下 #133

Open

ghost opened this issue Mar 9, 2022 · 2 comments

ghost commented Mar 9, 2022

检测到 sffc/socketio-file-upload 一共引入了372个开源组件，存在8个漏洞

漏洞标题：requests 代码注入漏洞
缺陷组件：[email protected]
漏洞编号：CVE-2020-28502
漏洞描述：Dan DeFelippi node-XMLHttpRequest是  （Dan DeFelippi）开源的一个应用软件。用于模拟浏览器XMLHttpRequest对象。
node-XMLHttpRequest before 1.7.0 存在代码注入漏洞，攻击者可利用该漏洞导致任意代码注入并运行。
影响范围：(∞, 1.6.2)
最小修复版本：1.6.2
缺陷组件引入路径：[email protected]>[email protected]>[email protected]>[email protected]>[email protected]

另外还有8个漏洞，详细报告：https://mofeisec.com/jr?p=idb351

The text was updated successfully, but these errors were encountered:

Owner

sffc commented Mar 9, 2022

Hi, can you please translate your issue to English?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment