TooTallNate / node-pac-proxy-agent

A PAC file proxy `http.Agent` implementation for HTTP and HTTPS

fix: [41] pac-resolver > netmask high severity vulnerability #42

Closed klebeer closed 3 years ago

klebeer commented 3 years ago

The pac-resolver dependency is using netmask version <= 2.0.0; this version has a high severity vulnerability. More info:

https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/
https://npmjs.com/advisories/1658

This bug is patched in netmask 2.0.1 and pac-resolver 4.2.0.
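A lockfile check for the two fixed versions named in this PR description (netmask 2.0.1, pac-resolver 4.2.0), added here as an example; it is not code from this repository. The function names and the sample lockfile are constructed for illustration, and the version comparison assumes plain x.y.z versions.

```javascript
// Minimum fixed versions, taken from the PR description above.
const MIN_FIXED = { netmask: '2.0.1', 'pac-resolver': '4.2.0' };

// Compare two x.y.z versions numerically; returns <0, 0 or >0.
// Assumption: pre-release suffixes ("-beta.1") are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk a parsed package-lock.json and return every copy of a tracked package
// that is older than its fixed version, with the path that pulled it in.
function findOutdated(lock) {
  const hits = [];
  const check = (name, version, path) => {
    const min = MIN_FIXED[name];
    if (min && version && compareVersions(version, min) < 0) {
      hits.push({ name, version, min, path });
    }
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by "node_modules/a/node_modules/b"
    for (const [key, meta] of Object.entries(lock.packages)) {
      check(key.split('node_modules/').pop(), meta.version, key);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" trees
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = trail.concat(name);
        check(name, meta.version, path.join(' > '));
        walk(meta.dependencies, path);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfile (v1 layout); the versions are illustrative only.
const sampleLock = { lockfileVersion: 1, dependencies: {
  'pac-proxy-agent': { version: '4.1.0', dependencies: {
    'pac-resolver': { version: '4.1.0', dependencies: {
      netmask: { version: '1.0.6' } } } } } } };
console.log(findOutdated(sampleLock));
```

To check a real project, pass `JSON.parse` of its `package-lock.json` contents to `findOutdated`; an empty array means no tracked package is below its fixed version.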

TooTallNate commented 3 years ago

Please check the existing issues first.