Open dtiziani opened 6 years ago
The 'mime' version in package.json needs to be updated in the s3 package. It seems the mime version is currently held at 1.2.x (i.e. "mime": "~1.2.11"); we need >= 1.4.1 < 2.0.0 || >= 2.0.3 to get the patch: https://github.com/broofa/node-mime/commit/855d0c4b8b22e4a80b9401a81f2872058eae274d
Affected versions of mime are vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.
Reference: https://nodesecurity.io/advisories/535
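
One way to find every copy of mime in an install that falls outside the patched range quoted above. This is an added example, not part of the original issue or of the s3 or mime projects. The dependency tree is constructed sample data shaped like `npm ls --json` output, and the package versions other than the mime ones are placeholders.

```javascript
// Constructed sample data shaped like `npm ls --json` output (not a real install).
const sampleTree = {
  name: "example-app",
  version: "1.0.0",
  dependencies: {
    s3: {
      version: "0.0.0-constructed",
      dependencies: { mime: { version: "1.2.11" } },
    },
    "other-lib": {
      version: "0.0.0-constructed",
      dependencies: { mime: { version: "1.4.1" } },
    },
    mime: { version: "2.0.2" },
  },
};

// Parse "MAJOR.MINOR.PATCH"; any prerelease/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Patched range quoted in the issue: >= 1.4.1 < 2.0.0 || >= 2.0.3
function isPatchedMime(version) {
  const v = parseVersion(version);
  const ge = (min) => compare(v, min) >= 0;
  return (ge([1, 4, 1]) && !ge([2, 0, 0])) || ge([2, 0, 3]);
}

// Walk the tree and return the dependency path of every unpatched mime copy.
function findUnpatchedMime(node, path = [node.name || "root"]) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...path, `${name}@${dep.version}`];
    if (name === "mime" && !isPatchedMime(dep.version)) hits.push(here.join(" > "));
    hits.push(...findUnpatchedMime(dep, here));
  }
  return hits;
}

console.log(findUnpatchedMime(sampleTree));
```

Against a real project, replace `sampleTree` with the parsed output of `npm ls --json`; a nested copy pinned by a dependency such as s3 shows up with its full path even when the top-level mime is current.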