mac-zhou / midea-ac-py

Home Assistant Custom Integration for Midea Group(Hualing, Senville, Klimaire, AirCon, Century, Pridiom, Thermocore, Comfee, Toshiba, Carrier, Goodman, Friedrich, Samsung, Kenmore, Trane, Lennox, LG and much more) Air Conditioners via LAN.
MIT License

3 high severity vulnerabilities #148

Open SebastianStorb opened 2 years ago

SebastianStorb commented 2 years ago
axios  <=0.21.1
Severity: high
Incorrect Comparison in axios - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
Server-Side Request Forgery in Axios - https://github.com/advisories/GHSA-4w2v-q235-vp99
Depends on vulnerable versions of follow-redirects
No fix available
node_modules/axios
  node-mideahvac  *
  Depends on vulnerable versions of axios
  node_modules/node-mideahvac

follow-redirects  <=1.14.7
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
No fix available
node_modules/follow-redirects
  axios  <=0.21.1
  Depends on vulnerable versions of follow-redirects
  node_modules/axios
    node-mideahvac  *
    Depends on vulnerable versions of axios
    node_modules/node-mideahvac

3 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Versions (version information): Home Assistant 2021.9.6 last update

mac-zhou commented 2 years ago

I have never used Node, I don't understand.

SebastianStorb commented 2 years ago

OK - I don't know either - what I did: npm remove axios

Hope that it helps