LinusU
commented
10 months ago As far as I can tell from your link, this does not affect version 1.x of async, which is what we are using:
https://github.com/LinusU/node-appdmg/blob/bb0f693a74341fda7934b42fd0adcb37022f6e05/package.json#L9
Or am I missing something?
Mgrdich
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
Here is the link