scijs / cwise

Component-wise operations for ndarrays
MIT License

Moderate vulnerability in static-module v.1 used #24

Open ekelvin opened 6 years ago

ekelvin commented 6 years ago

Can you please consider upgrading to version 3, in which this is patched?

Moderate: Sandbox Breakout / Arbitrary Code Execution
Package: static-eval
Patched in: >=2.0.0
Dependency of: static-module
Path: static-module > static-eval
More info: https://nodesecurity.io/advisories/548

bbruneau commented 5 years ago

Bueller?

WieserSoftware commented 5 years ago

There seems to be a PR that already does this. https://github.com/scijs/cwise/pull/21

adarob commented 5 years ago

/sub