Closed ghost closed 2 years ago
检测到 khusika/FeelIt 一共引入了389个开源组件,存在2个漏洞
漏洞标题:npm path-parse 安全漏洞 缺陷组件:path-parse@1.0.6 漏洞编号:CVE-2021-23343 漏洞描述:npm path-parse是美国npm公司的一个应用插件。提供一个路径解析功能。 path-parse 存在安全漏洞,该漏洞源于受到通过splitDeviceRe、splitTailRe和splitPathRe正则表达式的正则表达式拒绝服务(ReDoS)的攻击。 影响范围:(∞, 1.0.7) 最小修复版本:1.0.7 缺陷组件引入路径:feelit-src@1.0.1->@babel/preset-env@7.14.7->babel-plugin-polyfill-regenerator@0.2.2->@babel/helper-define-polyfill-provider@0.2.3->resolve@1.20.0->path-parse@1.0.6 feelit-src@1.0.1->@babel/preset-env@7.14.7->babel-plugin-polyfill-corejs3@0.2.2->@babel/helper-define-polyfill-provider@0.2.3->resolve@1.20.0->path-parse@1.0.6 feelit-src@1.0.1->@babel/preset-env@7.14.7->babel-plugin-polyfill-corejs2@0.2.2->@babel/helper-define-polyfill-provider@0.2.3->resolve@1.20.0->path-parse@1.0.6 feelit-src@1.0.1->browserify@17.0.0->browser-resolve@2.0.0->resolve@1.20.0->path-parse@1.0.6 feelit-src@1.0.1->browserify@17.0.0->module-deps@6.2.3->browser-resolve@2.0.0->resolve@1.20.0->path-parse@1.0.6 feelit-src@1.0.1->browserify@17.0.0->module-deps@6.2.3->resolve@1.20.0->path-parse@1.0.6 feelit-src@1.0.1->browserify@17.0.0->resolve@1.20.0->path-parse@1.0.6
另外还有2个漏洞,详细报告:https://mofeisec.com/jr?p=i319e3
Please use English
khusika
commented
2 years ago khusika
commented
2 years ago
检测到 khusika/FeelIt 一共引入了389个开源组件,存在2个漏洞
另外还有2个漏洞,详细报告:https://mofeisec.com/jr?p=i319e3