Versions of eslint-utils >=1.2.0 or <1.4.1 are vulnerable to Arbitrary Code Execution. The getStaticValue does not properly sanitize user input allowing attackers to supply malicious input that executes arbitrary code during the linting process. The getStringIfConstant and getPropertyName functions are not affected.
Recommendation
Upgrade to version 1.4.1 or later.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, click this checkbox.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
1.3.1
->1.4.1
GitHub Vulnerability Alerts
CVE-2019-15657
Versions of
eslint-utils
>=1.2.0 or <1.4.1 are vulnerable to Arbitrary Code Execution. ThegetStaticValue
does not properly sanitize user input allowing attackers to supply malicious input that executes arbitrary code during the linting process. ThegetStringIfConstant
andgetPropertyName
functions are not affected.Recommendation
Upgrade to version 1.4.1 or later.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.