Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

High security vulnerability reported due to dependency on decompress

As reported by npm audit:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Write                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ decompress                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ download                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ download > decompress                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1217                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

https://github.com/kevva/decompress/issues/71

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Reactions: 12
  • Comments: 8 (1 by maintainers)

Top GitHub Comments

1 reaction
cekvenich commented, Mar 20, 2020

Is there an ETA? Else I have to port to https://github.com/hgouveia/node-downloader-helper
