illuspas / Node-Media-Server

A Node.js implementation of RTMP/HTTP-FLV Media Server
https://www.npmjs.com/package/node-media-server
Apache License 2.0

npm audit: 3 moderate severity vulnerabilities with latest version #656

Open twilson90 opened 2 months ago

twilson90 commented 2 months ago
# npm audit report

send  <0.19.0
Severity: moderate
send vulnerable to template injection that can lead to XSS - https://github.com/advisories/GHSA-m6fv-jmcg-4jfg
fix available via `npm audit fix --force`
Will install node-media-server@2.6.6, which is a breaking change
node_modules/http2-express-bridge/node_modules/send
  http2-express-bridge  *
  Depends on vulnerable versions of send
  node_modules/http2-express-bridge
    node-media-server  >=2.7.0
    Depends on vulnerable versions of http2-express-bridge
    node_modules/node-media-server

3 moderate severity vulnerabilities
illuspas commented 20 hours ago

Replaced http2-express-bridge with http2-express, which no longer depends on send. Please update to 2.7.4.
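As an added example (not code from the Node-Media-Server project or either commenter), the script below walks a package-lock.json and reports every nested copy of `send` older than 0.19.0 together with the dependency chain it sits under, reproducing the node-media-server -> http2-express-bridge -> send path from the audit report; it is the check you would run before and after the upgrade to 2.7.4. The sample lockfile, and every version in it other than the send bound and node-media-server 2.7.0, is constructed.

```javascript
// Report nested installs of `send` below the first fixed version named
// in the audit report above. Lockfile v2/v3 layout is assumed: the
// "packages" map is keyed by install path such as
// "node_modules/a/node_modules/b".
const VULN_PKG = "send";
const FIXED_IN = "0.19.0"; // advisory says send <0.19.0 is affected

// Minimal major.minor.patch comparison; returns <0, 0 or >0.
// Prerelease tags are ignored, which is enough for this check.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Each finding carries the install path, the version found, and the
// chain of packages the copy is nested under (its "via" path).
function findVulnerableSends(lockfile) {
  const hits = [];
  for (const [key, meta] of Object.entries(lockfile.packages || {})) {
    if (key === "") continue; // root project entry
    const chain = key.split("node_modules/")
      .map((s) => s.replace(/\/$/, ""))
      .filter(Boolean);
    if (chain[chain.length - 1] !== VULN_PKG) continue;
    if (compareVersions(meta.version, FIXED_IN) < 0) {
      hits.push({ path: key, version: meta.version, via: chain.slice(0, -1) });
    }
  }
  return hits;
}

// Constructed sample lockfile (not a real one): the copy nested under
// http2-express-bridge is old, the top-level copy is already fixed.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app" },
    "node_modules/node-media-server": { version: "2.7.0" },
    "node_modules/node-media-server/node_modules/http2-express-bridge": { version: "1.0.0" },
    "node_modules/node-media-server/node_modules/http2-express-bridge/node_modules/send": { version: "0.18.0" },
    "node_modules/send": { version: "0.19.0" },
  },
};

for (const f of findVulnerableSends(SAMPLE_LOCK)) {
  console.log(`${f.path}: send@${f.version} via ${f.via.join(" -> ")}`);
}
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`.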