remy / nodemon

Monitor for any changes in your node.js application and automatically restart the server - perfect for development
http://nodemon.io/
MIT License
26.32k stars, 1.73k forks

CVE-2014-1936: nodemon introduces rc@1.2.8, raising a security issue #2024

Closed xiangwj closed 2 years ago

xiangwj commented 2 years ago

Expected behaviour

The version of rc introduced by nodemon should be later than 1.7.1-5 to fix CVE-2014-1936.

Actual behaviour

The version of rc introduced by nodemon is 1.2.8.

Steps to reproduce

Visit https://npm.anvaka.com/#/view/2d/nodemon and find the rc package in the dependency graph.

https://nvd.nist.gov/vuln/detail/CVE-2014-1936

remy commented 2 years ago

Fixed in #2033