How to fix CVE-2023-29827 ?

mde / ejs

Embedded JavaScript templates -- http://ejs.co

Apache License 2.0

7.66k stars 834 forks source link

Closed kraison1 closed 1 year ago

kraison1 commented 1 year ago

I have a problem with black duck @mde Ref nvd: https://nvd.nist.gov/vuln/detail/CVE-2023-29827

Dependency Path: react-scripts (5.0.1) -> workbox-build (6.6.0) -> @surma/rollup-plugin-off-main-thread (2.2.3) -> ejs(3.1.9)

Img nvd Screen-Shot-2566-06-26-at-11.40.097f8bd4d89d054c96.png

Img black duck Screen-Shot-2566-06-26-at-11.23.03.png

RyanZim commented 1 year ago

Erroneous vulnerability report; dupe of https://github.com/mde/ejs/issues/720.