nest-modules / mailer

📨 A mailer module for Nest framework (node.js)
https://nest-modules.github.io/mailer/
MIT License

#CVE-2022-24999 in @nestjs-modules/mailer@1.8.1 #923

Closed MihaiVoinea closed 10 months ago

MihaiVoinea commented 1 year ago
yarn audit v1.22.19
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ qs vulnerable to Prototype Pollution                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ qs                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=6.9.7                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ api                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ api > @nestjs-modules/mailer > inline-css > extract-css >    │
│               │ href-content > remote-content > superagent > formidable > qs │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1085139                     │
└───────────────┴──────────────────────────────────────────────────────────────┘

https://github.com/advisories/GHSA-hrpp-h998-j3pp

dzcpy commented 1 year ago

Is this project abandoned?

juandav commented 1 year ago

It's not abandoned, but my time is scarce, so I welcome volunteers to help improve the project.

ahmadalfy commented 1 year ago

I'll be glad to help if you are willing to accept contributions.

herefishyfish commented 1 year ago

@juandav could you please publish a release with the inline-css fix?