Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

0.6.7 - security vulnerability

See original GitHub issue

The recent version of ember-component-css v0.6.7 seems to have a dependency with a security vulnerability. The vulnerability was introduced with v0.6.7. Previous versions seem to be unaffected.

Steps to reproduce

mkdir issue && cd issue
npm init
npm install --save-dev ember-component-css
npm audit

                       === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ ember-component-css [dev]                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ ember-component-css > broccoli-replace > applause > lodash   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 3275 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Issue Analytics

State:
Created 5 years ago
Reactions:1
Comments:9 (5 by maintainers)

Top GitHub Comments

2reactions

webarkcommented, Feb 28, 2019

😦 umm… sorry. This has been COMPLETELY off my plate as of recently. I will look at this soon.

1reaction

webarkcommented, Feb 1, 2019

or just use a different broccoli plugin, or write a custom one

Top Results From Across the Web

GNU Nano version 0.6.7 : Security vulnerabilities - CVE Details

Security vulnerabilities of GNU Nano version 0.6.7 List of cve security vulnerabilities related to this exact version. You can filter results by cvss...

geddy 0.6.7 vulnerabilities | Snyk - Snyk Vulnerability Database

Learn more about known geddy 0.6.7 vulnerabilities and licenses detected.

Vulnerabilities in Flatpak 0.6.7 - CyberSecurity Help

List of known vulnerabilities in Flatpak in version 0.6.7. ... Main · Vulnerability Database · Flatpak · Flatpak; 0.6.7. With exploit. With patch ......

Security Policy · janeczku/calibre-web - GitHub

Fixed in Description CVE number 3rd July 2018 Guest access acts as a backdoor V 0.6.7 Hardcoded secret key for sessions CVE‑2020‑12627 V 0.6.13 Calibre‑Web Metadata...

Velociraptor Version 0.6.7: Better Offline Collection ... - Rapid7

Having asymmetric encryption improves security greatly because only the public key needs to be included in the collector configuration. Dumping ...