search

XiaofengZeng / kite-nest

Warehouse management system based on geographic information.
MIT License
1 stars 0 forks source link

同学,您这个项目引入了946个开源组件,存在1个漏洞,辛苦升级一下 #6

Closed dependasec[bot] closed 2 years ago

dependasec[bot] commented 2 years ago

检测到 XiaofengZeng/kite-nest 一共引入了946个开源组件,存在1个漏洞

漏洞标题:ansi-regex 安全漏洞
缺陷组件:ansi-regex@4.1.1
漏洞编号:CVE-2021-3807
漏洞描述:Ansi-Regex是用于匹配ANSI 转义码的正则表达式。
ansi-regex 存在安全漏洞,该漏洞源于易受低效正则表达式复杂性的影响。
影响范围:(2.1.1, 5.0.1)
最小修复版本:5.0.1
缺陷组件引入路径:kite-nest@0.1.0->eslint@6.8.0->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->@vue/cli-service@4.5.15->@vue/cli-plugin-router@4.5.15->@vue/cli-shared-utils@4.5.15->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->@vue/cli-service@4.5.15->@vue/cli-shared-utils@4.5.15->ora@3.4.0->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->@vue/cli-service@4.5.15->@vue/cli-shared-utils@4.5.15->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->@vue/cli-service@4.5.15->cliui@6.0.0->string-width@4.2.3->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->eslint@6.8.0->table@5.4.6->string-width@4.2.3->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->eslint@6.8.0->inquirer@7.3.3->string-width@4.2.3->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->has-ansi@2.0.0->ansi-regex@4.1.1
kite-nest@0.1.0->@vue/cli-plugin-eslint@4.5.15->@vue/cli-shared-utils@4.5.15->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->@vue/cli-plugin-eslint@4.5.15->inquirer@7.3.3->string-width@4.2.3->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->@vue/cli-plugin-babel@4.5.15->@vue/cli-shared-utils@4.5.15->ora@3.4.0->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->@vue/cli-service@4.5.15->@soda/friendly-errors-webpack-plugin@1.8.1->string-width@4.2.3->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->@vue/cli-service@4.5.15->cliui@6.0.0->wrap-ansi@7.0.0->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->eslint@6.8.0->inquirer@7.3.3->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->@vue/cli-plugin-eslint@4.5.15->inquirer@7.3.3->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->lint-staged@9.5.0->listr@0.14.3->listr-update-renderer@0.5.0->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->@vue/cli-service@4.5.15->@soda/friendly-errors-webpack-plugin@1.8.1->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->@vue/cli-service@4.5.15->cliui@6.0.0->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->@vue/cli-service@4.5.15->webpack-dev-server@3.11.3->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->@vue/cli-plugin-eslint@4.5.15->@vue/cli-shared-utils@4.5.15->ora@3.4.0->strip-ansi@6.0.1->ansi-regex@4.1.1
kite-nest@0.1.0->@vue/cli-plugin-babel@4.5.15->@vue/cli-shared-utils@4.5.15->strip-ansi@6.0.1->ansi-regex@4.1.1

另外还有几个漏洞,详细报告:https://mofeisec.com/jr?p=ac4c35

XiaofengZeng commented 2 years ago

已通过npm audit进行排查并通过升级依赖修复相关漏洞:

升级@vue/cli-service版本为5.0.1, 升级eslint版本为7.32.0, 升级@vue/cli-plugin-babel版本为5.0.1, 升级lint-staged版本为12.3.5, 升级@vue/cli-plugin-eslint版本为5.0.1。

kwaiceesc commented 2 years ago

好嘞辛苦啦