mfcollins3 / openssl-apple

Swift package that wraps and exposes OpenSSL for Apple platforms (iOS, macOS)
MIT License
3 stars 1 forks

Vulnerabilities #5

Open CodelCZ opened 10 months ago

CodelCZ commented 10 months ago

The OpenSSL version used is not the latest and contains vulnerabilities. Is it possible to update it to the latest one? Thanks.

Cventura-10 commented 9 months ago

Severity: high
Regular Expression Denial of Service in semver - https://github.com/advisories/GHSA-x6fg-f45m-jf5q
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
No fix available

Cventura-10 commented 9 months ago

Some issues need review, and may require choosing a different dependency.

Run npm audit for details.
carlosventura@server seus-gama % npm audit

npm audit report

bl  <=1.2.2
Severity: moderate
Memory Exposure in bl - https://github.com/advisories/GHSA-wrw9-m778-g6mc
Remote Memory Exposure in bl - https://github.com/advisories/GHSA-pp7h-53gx-mx7r
No fix available
node_modules/levelup/node_modules/bl
  levelup  0.9.0 - 1.0.0-5
  Depends on vulnerable versions of bl
  Depends on vulnerable versions of semver
  node_modules/levelup
    browserify-fs  *
    Depends on vulnerable versions of levelup
    node_modules/browserify-fs

Cventura-10 commented 9 months ago

package.json

Cventura-10 commented 9 months ago

package-lock.json