danielgtaylor / aglio

An API Blueprint renderer with theme support that outputs static HTML

Vulnerabilities! Even Critical! #367

Open andzejsw opened 4 years ago

andzejsw commented 4 years ago

Critical Sandbox Bypass Leading to Arbitrary Code Execution
Package constantinople
Patched in >=3.1.1
Dependency of aglio [dev]
Path aglio > aglio-theme-olio > jade > constantinople
More info https://nodesecurity.io/advisories/568

Moderate Prototype Pollution
Package hoek
Patched in > 4.2.0 < 5.0.0 || >= 5.0.3
Dependency of aglio [dev]
Path aglio > aglio-theme-olio > less > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566

Moderate Prototype Pollution
Package hoek
Patched in > 4.2.0 < 5.0.0 || >= 5.0.3
Dependency of aglio [dev]
Path aglio > aglio-theme-olio > less > request > hawk > hoek
More info https://nodesecurity.io/advisories/566

Moderate Prototype Pollution
Package hoek
Patched in > 4.2.0 < 5.0.0 || >= 5.0.3
Dependency of aglio [dev]
Path aglio > aglio-theme-olio > less > request > hawk > cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566

etc.
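For readers who want to see what the "Prototype Pollution" entries in this audit output actually mean in practice, the following is an added example, not code from aglio, aglio-theme-olio, hoek or the linked advisory. It shows a minimal deep merge with the flaw class the hoek advisory names (walking into `__proto__` and writing onto `Object.prototype`), the hardened equivalent, and a stand-alone check of the "Patched in > 4.2.0 < 5.0.0 || >= 5.0.3" range quoted above. The payload string and the version numbers fed to the checker are constructed for the demonstration; `unsafeMerge`, `safeMerge`, `pollutes` and `hoekIsPatched` are names chosen here, not hoek's API.

```javascript
// Added example, not code from aglio, hoek or the advisory: a minimal deep
// merge with the prototype-pollution flaw class the "hoek" finding describes,
// beside a hardened version, plus a checker for the "Patched in" range quoted
// in the report. All inputs below are constructed for the demonstration.

// Vulnerable merge: iterates every enumerable key of `source`, including an
// own key literally named "__proto__" (JSON.parse creates one), and recurses
// into target["__proto__"], which is Object.prototype. Attacker keys then
// appear on every plain object in the process.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: only own keys of `source`, never the prototype-chain keys,
// and never recursion into an inherited object on the target side.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker-controlled input, e.g. a JSON request body that a
// service merges into a config object.
const PAYLOAD_JSON = '{"__proto__": {"polluted": "yes"}, "name": "x"}';

// Runs one merge function on the payload and reports whether an unrelated,
// freshly created object inherited the attacker's key. Cleans up afterwards
// so the process starts from a clean prototype again.
function pollutes(mergeFn) {
  const config = {};
  mergeFn(config, JSON.parse(PAYLOAD_JSON));
  const leaked = ({}).polluted === 'yes';
  delete Object.prototype.polluted;
  return leaked;
}

// "Patched in > 4.2.0 < 5.0.0 || >= 5.0.3" for hoek, as quoted in the report,
// evaluated without a semver library so this runs stand-alone.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function hoekIsPatched(version) {
  const gt420 = compareVersions(version, '4.2.0') > 0;
  const lt500 = compareVersions(version, '5.0.0') < 0;
  const ge503 = compareVersions(version, '5.0.3') >= 0;
  return (gt420 && lt500) || ge503;
}

console.log('unsafeMerge pollutes:', pollutes(unsafeMerge)); // true
console.log('safeMerge pollutes:', pollutes(safeMerge));     // false
console.log('hoek 4.2.0 patched:', hoekIsPatched('4.2.0'));  // false
console.log('hoek 4.2.1 patched:', hoekIsPatched('4.2.1'));  // true
console.log('hoek 5.0.2 patched:', hoekIsPatched('5.0.2'));  // false
console.log('hoek 5.0.3 patched:', hoekIsPatched('5.0.3'));  // true
```

The point of `pollutes` is that the damage is global: after the unsafe merge, every `{}` in the process carries the injected key, which is why a moderate-rated issue in a transitive dev dependency still matters if that code path ever sees untrusted input. The range check is useful when reading `npm ls hoek` output by hand: several distinct paths in the report above resolve to different hoek copies, and each one has to land inside the patched range.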

ulidtko commented 4 years ago

See #358

andzejsw commented 4 years ago

See #358

Thanks!