andreypopov / node-red-contrib-miio-roborock

Xiaomi Roborock node-red nodes
Apache License 2.0
32 stars 12 forks

Denial of Service in mem #43

Open S474N opened 2 years ago

S474N commented 2 years ago

Describe issue

npm audit run in cli.

Screens / Logs

Moderate        Denial of Service in mem
Package         mem
Patched in      >=4.0.0
Dependency of   node-red-contrib-miio-roborock
Path            node-red-contrib-miio-roborock > miio > yargs > os-locale > mem
More info       https://github.com/advisories/GHSA-4xcv-9jjx-gfj3

Hardware / Software

- Raspberry 4, Raspbian 11 64bit

S474N commented 2 years ago

And another:

Moderate        Inefficient Regular Expression Complexity in chalk/ansi-regex
Package         ansi-regex
Patched in      >=5.0.1
Dependency of   node-red-contrib-miio-roborock
Path            node-red-contrib-miio-roborock > miio > yargs > cliui > strip-ansi > ansi-regex
More info       https://github.com/advisories/GHSA-93q8-gq69-wqmw

Moderate        Inefficient Regular Expression Complexity in chalk/ansi-regex
Package         ansi-regex
Patched in      >=5.0.1
Dependency of   node-red-contrib-miio-roborock
Path            node-red-contrib-miio-roborock > miio > yargs > cliui > string-width > strip-ansi > ansi-regex
More info       https://github.com/advisories/GHSA-93q8-gq69-wqmw

Moderate        Prototype Pollution in yargs-parser
Package         yargs-parser
Patched in      >=13.1.2
Dependency of   node-red-contrib-miio-roborock
Path            node-red-contrib-miio-roborock > miio > yargs > yargs-parser
More info       https://github.com/advisories/GHSA-p9pc-299p-vxgp