Open thumbsappscr opened 3 years ago
Please, fix, update inside dependencies with high vulnerabilities:
High Command Injection
Package lodash
Patched in >=4.17.21
Dependency of node-ews
Path node-ews > lodash
More info https://npmjs.com/advisories/1673
High Improper Key Verification
Package xml-crypto
Patched in >=2.0.0
Path node-ews > soap > xml-crypto
More info https://npmjs.com/advisories/1583
Low Misinterpretation of malicious XML input
Package xmldom
Patched in >=0.5.0
Path node-ews > soap > xml-crypto > xmldom
More info https://npmjs.com/advisories/1650
High Arbitrary Code Execution
Package underscore
Patched in >=1.12.1
Path node-ews > httpntlm > underscore
More info https://npmjs.com/advisories/1674
found 5 vulnerabilities (2 low, 3 high) in 362 scanned packages 5 vulnerabilities require manual review. See the full report for details.
I'm using "node-ews": "^3.4.2"
Thanks.
Please, fix, update inside dependencies with high vulnerabilities:
High Command Injection
Package lodash
Patched in >=4.17.21
Dependency of node-ews
Path node-ews > lodash
More info https://npmjs.com/advisories/1673
High Improper Key Verification
Package xml-crypto
Patched in >=2.0.0
Dependency of node-ews
Path node-ews > soap > xml-crypto
More info https://npmjs.com/advisories/1583
Low Misinterpretation of malicious XML input
Package xmldom
Patched in >=0.5.0
Dependency of node-ews
Path node-ews > soap > xml-crypto > xmldom
More info https://npmjs.com/advisories/1650
High Arbitrary Code Execution
Package underscore
Patched in >=1.12.1
Dependency of node-ews
Path node-ews > httpntlm > underscore
More info https://npmjs.com/advisories/1674
found 5 vulnerabilities (2 low, 3 high) in 362 scanned packages 5 vulnerabilities require manual review. See the full report for details.
I'm using "node-ews": "^3.4.2"
Thanks.