facebook / create-react-app

Set up a modern web app by running one command.
https://create-react-app.dev
MIT License
102.62k stars 26.79k forks

Security vulnerability of medium severity in react script module for inflight transitive dependency #13336

Open wesco-vishalprasad opened 1 year ago

wesco-vishalprasad commented 1 year ago

When I create a create-react-app I found a medium security vulnerability in the inflight library https://www.npmjs.com/package/inflight?activeTab=versions; the details are below.

Veracode Software Composition Analysis (SCA) scan screenshot: [Screenshot 2023-08-22 at 5 01 00 PM]

SRCCLR-SID-41137 Memory Leak: inflight is vulnerable to a Memory Leak. The vulnerability is due to lack of restrictions on how many callbacks the library can concurrently support, which can result in a NodeJS out of heap memory crash.

We scanned using a licensed version of the Veracode tool. inflight is no longer maintained and react-scripts latest version 5.0.1 has this vulnerability. Please let us know if this can be fixed or any workaround.

wesco-vishalprasad commented 1 year ago

Any update on this?

ammusiva commented 1 year ago

I too required to fix this vulnerability

diegoalbertopp commented 1 year ago

Help me please

avkamolov commented 11 months ago

Any updates on this?

wesco-anurajka commented 11 months ago

Is anybody working on this?

thecodeinfluencer commented 11 months ago

Are you sure this comes from react-scripts? Check under the Dependency Graph section on the Veracode SCA scan. For me it came from the eslint package and react-scripts had no issue. If for anyone else it is the eslint package then here's how I sorted it out:

https://dev.to/thecodeinfluencer/possible-fix-inflight-reported-as-a-vulnerability-in-react-project-veracode-sca-2b1h

zhibirc commented 8 months ago

npm ls inflight [Screenshot 2024-01-23 at 19 02 29 of the output]

Also, this explanation may be useful: https://github.com/facebook/create-react-app/issues/11174#issue-935928547

famiclone commented 2 months ago

https://github.com/facebook/create-react-app/blob/main/package-lock.json#L15116

Netrunner-A commented 2 weeks ago

Using v10 glob (10.4.2) will solve this as inflight is not used anymore, you can force this by adding "glob": "10.4.2" in your overrides in package.json.

Example:

    "dependencies": {
        // ... existing dependencies unchanged
    },
    "overrides": {
        "glob": "10.4.2"
    }

This change didn't cause issues in my application, and I don't think it will in yours, but you should test just in case. Side-note: react-scripts is deprecated and should be avoided anyway for production.
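The two checks this thread keeps coming back to (where does inflight actually enter the tree, per thecodeinfluencer's and zhibirc's comments, and adding the glob override Netrunner-A describes) can be done against the lockfile without a network round-trip. The script below is an added example; it is not code from create-react-app or from any commenter. It assumes a lockfile in the npm v2/v3 shape (a top-level "packages" map keyed by node_modules path), and the lockfile and package.json it operates on are constructed samples, not a real react-scripts install.

```javascript
// Added example (not from the create-react-app project or this thread).
// Assumes npm lockfile v2/v3: every installed package sits under a key such as
// "node_modules/glob/node_modules/inflight", so nested (transitive) copies can
// be found by scanning keys, and each entry lists its own "dependencies".

// Every lockfile key under which `name` is installed, hoisted or nested.
function findPackagePaths(lockJson, name) {
  const packages = lockJson.packages || {};
  return Object.keys(packages).filter(
    (key) => key === `node_modules/${name}` || key.endsWith(`/node_modules/${name}`)
  );
}

// Reverse lookup: which installed packages declare `name` as a dependency.
// This answers "is it react-scripts, glob or eslint that pulls inflight in?"
function dependents(lockJson, name) {
  const packages = lockJson.packages || {};
  const fields = ['dependencies', 'optionalDependencies', 'peerDependencies'];
  return Object.keys(packages).filter((key) =>
    fields.some((f) => packages[key][f] && Object.prototype.hasOwnProperty.call(packages[key][f], name))
  );
}

// Return a copy of a package.json object with an "overrides" entry added or
// updated; npm (8.3 and later) applies "overrides" when resolving the tree.
function addOverride(pkgJson, name, version) {
  const updated = { ...pkgJson, overrides: { ...(pkgJson.overrides || {}) } };
  updated.overrides[name] = version;
  return updated;
}

// Constructed sample lockfile: react-scripts -> glob 7 -> inflight, while a
// separate eslint entry already carries a nested glob 10 that needs no inflight.
const sampleLock = {
  name: 'sample-app',
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { 'react-scripts': '5.0.1' } },
    'node_modules/react-scripts': { version: '5.0.1', dependencies: { glob: '^7.1.6' } },
    'node_modules/glob': { version: '7.2.3', dependencies: { inflight: '^1.0.4' } },
    'node_modules/inflight': { version: '1.0.6' },
    'node_modules/eslint': { version: '8.57.0', dependencies: { glob: '^10.0.0' } },
    'node_modules/eslint/node_modules/glob': { version: '10.4.2' },
  },
};

// Constructed sample package.json to which the override is applied.
const samplePkg = { name: 'sample-app', dependencies: { 'react-scripts': '5.0.1' } };

// Human-readable summary of where `name` lives and who depends on it.
function summarize(lockJson, name) {
  return {
    installedAt: findPackagePaths(lockJson, name),
    requiredBy: dependents(lockJson, name),
  };
}

console.log(JSON.stringify(summarize(sampleLock, 'inflight'), null, 2));
console.log(JSON.stringify(addOverride(samplePkg, 'glob', '10.4.2'), null, 2));
```

To run it against a real project, replace the constructed objects with `JSON.parse(fs.readFileSync('package-lock.json'))` and `JSON.parse(fs.readFileSync('package.json'))`; `requiredBy` tells you whether the finding traces to glob under react-scripts or to another package, which is the distinction thecodeinfluencer's comment asks you to make before applying an override.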