zfan40
commented
3 years ago @git-qfzhang 能不能麻烦您帮助跟进一下,感谢
Open zfan40 opened 3 years ago
zfan40
commented
3 years ago @git-qfzhang 能不能麻烦您帮助跟进一下,感谢
zfan40
commented
3 years ago duplicated with https://github.com/alibaba/funcraft/issues/1075
问题描述: vulnerability: date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2. remediation: Upgrade date-and-time from 0.12.0 to 0.14.2 to fix the vulnerability. vulnerability: Due to an overly permissive regular expression, the parsing of certain date strings may lead to a denial of service. remediation: Upgrade to version v0.14.2 vulnerability: date-and-time is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is possible due to an overly permissive regular expression, the parsing of certain date strings may lead to a denial of service.
解决方案: date-and-time@0.12.0 需要将依赖调整为^0.14.2