Open ghost opened 2 years ago
检测到 Vishesht/React_Native_biolerplate 一共引入了689个开源组件,存在1个漏洞
漏洞标题:shell-quote 安全漏洞 缺陷组件:shell-quote@1.6.1 漏洞编号:CVE-2021-42740 漏洞描述:shell-quote是开源的一个软件包。用于解析和引用 shell 命令。 shell-quote package存在安全漏洞,攻击者可利用该漏洞可以植入任意代码从而执行相关操作。 影响范围:(∞, 1.7.3) 最小修复版本:1.7.3 缺陷组件引入路径:boilerplate@0.0.1->react-native@0.67.3->@react-native-community/cli-platform-android@6.3.0->@react-native-community/cli-tools@6.2.0->shell-quote@1.6.1 boilerplate@0.0.1->react-native@0.67.3->react-devtools-core@4.19.1->shell-quote@1.6.1 boilerplate@0.0.1->react-native@0.67.3->@react-native-community/cli@6.4.0->@react-native-community/cli-hermes@6.3.0->@react-native-community/cli-tools@6.2.0->shell-quote@1.6.1 boilerplate@0.0.1->react-native@0.67.3->@react-native-community/cli@6.4.0->@react-native-community/cli-server-api@6.4.3->@react-native-community/cli-tools@6.2.0->shell-quote@1.6.1 boilerplate@0.0.1->react-native@0.67.3->@react-native-community/cli@6.4.0->@react-native-community/cli-tools@6.2.0->shell-quote@1.6.1 boilerplate@0.0.1->react-native@0.67.3->@react-native-community/cli@6.4.0->@react-native-community/cli-plugin-metro@6.4.0->@react-native-community/cli-tools@6.2.0->shell-quote@1.6.1 boilerplate@0.0.1->react-native@0.67.3->@react-native-community/cli-platform-ios@6.2.0->@react-native-community/cli-tools@6.2.0->shell-quote@1.6.1
另外还有几个漏洞,详细报告:https://mofeisec.com/jr?p=aa08a6
@Kwaisece 抱歉这个问题,现在我已经修复它,你可以轻松使用它
检测到 Vishesht/React_Native_biolerplate 一共引入了689个开源组件,存在1个漏洞
另外还有几个漏洞,详细报告:https://mofeisec.com/jr?p=aa08a6