[Security] Usage of this package is vulnerable for injection

rahulramesha / http2-express-bridge

wrapper for express app to work with http2 protocol

MIT License

31 stars 8 forks source link

[Security] Usage of this package is vulnerable for injection #12

Open Bizarrus opened 2 weeks ago

Bizarrus commented 2 weeks ago

[!WARNING] Module: send < 0.19.0 Severity: moderate

[!CAUTION] send vulnerable to template injection that can lead to XSS - https://github.com/advisories/GHSA-m6fv-jmcg-> 4jfg


node_modules/http2-express-bridge/node_modules/send
   http2-express-bridge  *
   Depends on vulnerable versions of send
   node_modules/http2-express-bridge```