CVE-2021-27290 due to using old version of `ssri`
Bug report
What is the current behavior? CVE-2021-27290
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
The fix is to bump ssri to 8.0.1.
The dependency path to ssri is webpack > terser-webpack-plugin > cacache > ssri
I’ve reported this issue in terser-webpack-plugin at https://github.com/webpack-contrib/terser-webpack-plugin/issues/388
If the current behavior is a bug, please provide the steps to reproduce.
What is the expected behavior? There shouldn’t be any CVEs found when evaluating Webpack 😃
Other relevant information:
webpack version: 4.46.0
Node.js version: all
Operating System: all
Issue Analytics
- Created 3 years ago
- Comments: 11 (7 by maintainers)
Top GitHub Comments
react-script still uses webpack 4: `"webpack": "4.44.2"`. Could someone please release a patch, as it is affecting multiple projects using react-script.
Not sure when this will be resolved, but for all of you who are struggling with vulnerability requirements: you can modify the package-lock.json and add the specific version of the ssri dependency instead of the standard one required by react-scripts. For more info see this Stack Overflow question: https://stackoverflow.com/questions/15806152/how-do-i-override-nested-npm-dependency-versions
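To check which copies of ssri a project actually installs and which dependency chain pulls each one in (the webpack > terser-webpack-plugin > cacache > ssri path from the report above, and the nested copy the lockfile override in the last comment targets), here is an added audit script. It is not part of webpack, terser-webpack-plugin or the original issue. It reads a package-lock.json in the lockfileVersion 1 layout that npm 6 writes for webpack 4 projects; the embedded lockfile is constructed for the example, with version numbers chosen to illustrate the chain rather than copied from any real project, and the list of direct dependencies is assumed to come from package.json.

```javascript
// Added example: audit an npm package-lock.json (lockfileVersion 1, as written by npm 6)
// for copies of `ssri` in the range affected by CVE-2021-27290 (5.2.2 through 8.0.0,
// fixed in 8.0.1) and report the dependency chain that pulls each copy in.
// Not part of webpack or the original issue.

const VULN_PKG = 'ssri';
const VULN_MIN = '5.2.2';
const VULN_MAX = '8.0.0';

// Constructed sample lockfile. Package names follow the chain from the issue; the versions
// are illustrative. `cacache` keeps its own nested ssri because the hoisted root copy is
// a different major version and cannot satisfy its `^6.0.1` requirement.
const SAMPLE_LOCK = {
  name: 'app',
  lockfileVersion: 1,
  dependencies: {
    webpack: { version: '4.46.0', requires: { 'terser-webpack-plugin': '^1.4.3' } },
    'terser-webpack-plugin': { version: '1.4.5', requires: { cacache: '^12.0.2' } },
    cacache: {
      version: '12.0.4',
      requires: { ssri: '^6.0.1' },
      dependencies: { ssri: { version: '6.0.1', requires: {} } }, // nested, not hoisted
    },
    ssri: { version: '8.0.1', requires: {} }, // hoisted copy, already on the fixed release
  },
};

// Lockfiles pin exact releases, so "x.y.z" is enough; pre-release suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a pinned version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function isVulnerable(version) {
  return compareVersions(version, VULN_MIN) >= 0 && compareVersions(version, VULN_MAX) <= 0;
}

// npm satisfies an entry's `requires` from its own nested `dependencies` first, then its
// parent's, and so on up to the root: the same walk Node does over nested node_modules.
function resolveDep(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    const deps = scopes[i].dependencies || {};
    if (Object.prototype.hasOwnProperty.call(deps, name)) return deps[name];
  }
  return null;
}

// Every chain from a direct dependency (names assumed to come from package.json) to `target`.
function findPaths(lock, directDeps, target = VULN_PKG) {
  const hits = [];
  function walk(name, entry, scopes, path) {
    if (path.includes(name)) return; // cycle guard
    const chain = [...path, name];
    if (name === target) {
      hits.push({ path: chain, version: entry.version, vulnerable: isVulnerable(entry.version) });
      return;
    }
    const inner = [...scopes, entry];
    for (const dep of Object.keys(entry.requires || {})) {
      const resolved = resolveDep(dep, inner);
      if (resolved) walk(dep, resolved, inner, chain);
    }
  }
  for (const name of directDeps) {
    const entry = resolveDep(name, [lock]);
    if (entry) walk(name, entry, [lock], []);
  }
  return hits;
}

// Every installed copy of `target` with its location in the tree, so you know what to pin.
function listCopies(lock, target = VULN_PKG) {
  const copies = [];
  function scan(entries, prefix) {
    for (const [name, entry] of Object.entries(entries || {})) {
      const location = [...prefix, name].join('/');
      if (name === target) {
        copies.push({ location, version: entry.version, vulnerable: isVulnerable(entry.version) });
      }
      scan(entry.dependencies, [...prefix, name]);
    }
  }
  scan(lock.dependencies, []);
  return copies;
}

function report(lock, directDeps) {
  const lines = [];
  for (const h of findPaths(lock, directDeps)) {
    lines.push(`${h.path.join(' > ')} @ ${h.version}${h.vulnerable ? ' VULNERABLE' : ' ok'}`);
  }
  for (const c of listCopies(lock)) {
    const fsPath = 'node_modules/' + c.location.split('/').join('/node_modules/');
    lines.push(`${fsPath} @ ${c.version}${c.vulnerable ? ' VULNERABLE' : ' ok'}`);
  }
  return lines;
}

console.log(report(SAMPLE_LOCK, ['webpack']).join('\n'));
```

Two caveats when acting on the output. First, newer npm (lockfileVersion 2 and 3) records the same tree as a flat `packages` map keyed by node_modules path, so `listCopies` needs to iterate that map instead; `npm ls ssri` prints the same chain for an installed tree. Second, the nested `cacache/ssri` entry is the one the package-lock override in the comment above has to target, and its `resolved` URL and `integrity` field must change together with the version, so regenerate the entry with npm rather than hand-editing only the version string.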