
Fix https://npmjs.com/advisories/1039


Steps for Reproduction:

  1. npm install quill
  2. npm audit

Expected behavior:

No security advisory.

Actual behavior:

Security advisory: https://npmjs.com/advisories/1039

Overview
All versions of quill are vulnerable to Reverse Tabnabbing. The package uses
target='_blank' in anchor tags, allowing attackers to access window.opener for
the original page when opening links. This is commonly used for phishing
attacks.

Remediation
No fix is currently available. Consider using an alternative package until a fix is
made available.

Platforms:

N/A

Version:

“All versions” per the advisory.

Additional Notes:

If at all possible, please release / publish fixes for both 1.2.* and 1.3.*. Thanks for your consideration.
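Reverse tabnabbing as the advisory describes it, beside the rel="noopener noreferrer" fix, as an added example that is not quill's own code and not part of the original issue. Browser windows and anchors are modelled as plain objects so it runs under Node without a DOM; the function names (simulateOpen, attackerPayload, hardenAnchor, hardenHtml) and the sample HTML are constructed for this example and are not quill's serialisation format.

```javascript
// Added example (not quill's code): what reverse tabnabbing is and how to close it.
// Windows and anchors are plain objects so this runs under Node; the function
// names and sample data below are hypothetical, not taken from quill.

// --- 1. The primitive the advisory describes --------------------------------
// A link with target="_blank" and no rel="noopener"/"noreferrer" hands the new
// document a window.opener reference to the page that opened it.
function simulateOpen(originTab, anchor) {
  const newTab = { location: anchor.href, opener: null };
  const rel = (anchor.rel || '').toLowerCase().split(/\s+/);
  const severed = rel.includes('noopener') || rel.includes('noreferrer');
  if (anchor.target === '_blank' && !severed) {
    newTab.opener = originTab; // vulnerable: opener handle leaks to the new page
  }
  return newTab;
}

// An attacker-controlled destination can then navigate the *original* tab
// (window.opener.location = ...), swapping it for a look-alike login page while
// the user reads the new tab. Returns true if the redirect went through.
function attackerPayload(newTab, phishingUrl) {
  if (!newTab.opener) return false; // noopener: window.opener is null
  newTab.opener.location = phishingUrl;
  return true;
}

// --- 2. The fix -------------------------------------------------------------
// Add rel="noopener noreferrer" to every anchor that opens a new browsing
// context. noopener nulls window.opener; noreferrer does the same and also
// suppresses the Referer header, covering older browsers without noopener.
function hardenAnchor(anchor) {
  if (anchor.target !== '_blank') return { ...anchor };
  const tokens = new Set((anchor.rel || '').toLowerCase().split(/\s+/).filter(Boolean));
  tokens.add('noopener');
  tokens.add('noreferrer');
  return { ...anchor, rel: [...tokens].join(' ') };
}

// The same rewrite over serialised HTML, e.g. editor output before rendering.
// Caveat: a regex is adequate for the well-formed tags a serialiser emits;
// untrusted HTML belongs in a real parser or sanitizer, not in this function.
function hardenHtml(html) {
  return html.replace(/<a\b([^>]*)>/gi, (tag, attrs) => {
    if (!/\btarget\s*=\s*["']?_blank["']?/i.test(attrs)) return tag;
    const relMatch = attrs.match(/\brel\s*=\s*(["'])(.*?)\1/i);
    if (!relMatch) return `<a${attrs} rel="noopener noreferrer">`;
    const tokens = new Set(relMatch[2].toLowerCase().split(/\s+/).filter(Boolean));
    tokens.add('noopener');
    tokens.add('noreferrer');
    return `<a${attrs.replace(relMatch[0], `rel="${[...tokens].join(' ')}"`)}>`;
  });
}

// Constructed sample: a link in the vulnerable form (target="_blank", no rel).
const VULNERABLE_HTML =
  '<p>See <a href="https://attacker.example/article" target="_blank">this</a></p>';
const PHISH = 'https://attacker.example/login';

// Run the attack against an unhardened and a hardened link and report what happened.
function demo() {
  const badLink = { href: 'https://attacker.example/article', target: '_blank' };

  const victim = { location: 'https://app.example/editor' };
  const leaked = attackerPayload(simulateOpen(victim, badLink), PHISH);

  const victim2 = { location: 'https://app.example/editor' };
  const blocked = attackerPayload(simulateOpen(victim2, hardenAnchor(badLink)), PHISH);

  return {
    leaked,                          // true: original tab was redirected
    victimLocation: victim.location, // now the phishing URL
    blocked,                         // false: noopener left window.opener null
    victim2Location: victim2.location,
    fixedHtml: hardenHtml(VULNERABLE_HTML),
  };
}

console.log(demo());
```

Two practical notes. Current browsers (Chrome 88, Firefox 79 and Safari 12.1 onward) already treat target="_blank" as implying noopener, so the redirect in simulateOpen fails there even without the attribute; an explicit rel still costs nothing and covers older browsers and non-browser webviews. Also, npm audit only reports the package version, not whether the links your app actually renders carry the rel attribute, so after upgrading check the rendered output rather than trusting the audit result alone.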

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Reactions: 8
  • Comments: 8 (2 by maintainers)

Top GitHub Comments

jhchen commented, Sep 10, 2019 (3 reactions)

udanpe commented, Sep 17, 2019 (1 reaction)

@NagarajuGaddam1 ngx-quill-editor has "quill": "^1.3.1". Just run npm remove ngx-quill-editor --save && npm install ngx-quill-editor --save, or remove node_modules and package-lock.json and run npm install. Old versions can't be changed.

