Techtonica / keyboard-shortcuts-practice

https://techtonica.github.io/keyboard-shortcuts-practice/

fix a vulnerability #101

Closed alodahl closed 4 years ago

alodahl commented 4 years ago

See the problem here:

https://github.com/Techtonica/keyboard-shortcuts-practice/network/alert/package-lock.json/ecstatic/open

Shraddha2104 commented 4 years ago

Hi Alina, I think the link is broken.

alodahl commented 4 years ago

Maybe it's only visible to admins. I'll paste the text here.

alodahl commented 4 years ago

ecstatic (Open)
GitHub opened this alert 4 hours ago
1 ecstatic vulnerability found in package-lock.json 4 hours ago
Remediation: No patched version is available.

Details
CVE-2019-10775, high severity
Vulnerable versions: <= 4.1.2
Patched version: No fix
Versions of ecstatic prior to 4.1.2, 3.3.2 or 2.2.2 are vulnerable to Open Redirect. The package fails to validate redirects, allowing attackers to craft requests that result in an HTTP 301 redirect to any other domains.

Recommendation
If using ecstatic 4.x, upgrade to 4.1.2 or later.
If using ecstatic 3.x, upgrade to 3.3.2 or later.
If using ecstatic 2.x, upgrade to 2.2.2 or later.

anuragsati commented 4 years ago

Hey! Can I do this?

Shraddha2104 commented 4 years ago

Assigned!

anuragsati commented 4 years ago

I'm not sure how to approach this. In package-lock.json ecstatic's version is already 3.3.2. [image]

I think it is caused by this line. [image]

Should I manually edit package-lock.json?

alodahl commented 4 years ago

Sorry I missed this thread! See if installing something over 4.1.2 will still work for us.
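Added example, not code from the thread or the project: a lock-file walker that lists every copy of ecstatic in a lockfileVersion 1 package-lock.json (top-level and nested under other packages) and checks each against the patched versions given in the advisory's Recommendation above. The lock file is a constructed sample; a nested copy under another dependency is one reason an alert can persist when the top-level entry already shows a fixed version.

```javascript
// Added example (not from the issue thread). Finds every ecstatic entry in a
// lockfileVersion 1 package-lock.json, nested copies included, and flags any
// below the patched release listed in the CVE-2019-10775 Recommendation.
// Constructed sample lock file, not the project's real package-lock.json.
const sampleLock = {
  name: "keyboard-shortcuts-practice",
  lockfileVersion: 1,
  dependencies: {
    ecstatic: { version: "3.3.2" },
    "http-server": {
      version: "0.11.1",
      requires: { ecstatic: "^3.3.1" },
      dependencies: {
        ecstatic: { version: "3.3.1" },
      },
    },
  },
};
// Patched version per major line, as listed in the advisory's Recommendation.
const PATCHED = { 4: [4, 1, 2], 3: [3, 3, 2], 2: [2, 2, 2] };
function parseVersion(v) {
  return v.split(".").map(Number);
}
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0) ? -1 : 1;
  }
  return 0;
}
// Vulnerable if below the patched release of its major line, or on a major
// line older than 2.x, for which the advisory names no fixed release.
function isVulnerable(version) {
  const parsed = parseVersion(version);
  const fixed = PATCHED[parsed[0]];
  if (!fixed) return parsed[0] < 2;
  return compareVersions(parsed, fixed) < 0;
}
// Walk the dependency tree and collect every ecstatic entry with its path.
function findEcstatic(deps, path = [], out = []) {
  for (const [name, entry] of Object.entries(deps || {})) {
    const here = [...path, name];
    if (name === "ecstatic") {
      out.push({ path: here.join(" > "), version: entry.version, vulnerable: isVulnerable(entry.version) });
    }
    findEcstatic(entry.dependencies, here, out);
  }
  return out;
}
console.log(findEcstatic(sampleLock.dependencies));
```

Run against a real lock file by replacing sampleLock with JSON.parse(fs.readFileSync("package-lock.json")); every entry flagged vulnerable needs its parent package updated (or the copy deduplicated) rather than the lock file edited by hand.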