search

forwardemail / email-templates

Create, preview (browser/iOS Simulator), and send custom email templates for Node.js. Made for @forwardemail, @ladjs, @cabinjs, @spamscanner, and @breejs.
https://forwardemail.net/docs/send-emails-with-node-js-javascript
MIT License
3.64k stars 339 forks source link

Arbitrary Code Execution audit error #425

Closed kpotter-m2 closed 3 years ago

kpotter-m2 commented 3 years ago 
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary Code Execution                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ underscore                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=1.12.1                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ email-templates                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ email-templates > @ladjs/i18n > country-language >           │
│               │ underscore                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1674                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary Code Execution                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ underscore                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=1.12.1                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ email-templates                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ email-templates > @ladjs/i18n > i18n-locales >               │
│               │ country-language > underscore                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1674                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
ghost commented 3 years ago

Yes, I am running into this also. Hopefully this can be fixed soon.

niftylettuce commented 3 years ago

This is not really a big issue but I'll bump it at some point soon

niftylettuce commented 3 years ago

v8.0.5 released https://github.com/forwardemail/email-templates/releases/tag/v8.0.5

niftylettuce commented 3 years ago

Sorry not yet fixed - I had to do one more, will be in v8.0.6

niftylettuce commented 3 years ago

v8.0.6 released https://github.com/forwardemail/email-templates/releases/tag/v8.0.6