sematext / sematext-agent-express

Express.js Monitoring and Logging Agent by Sematext
https://sematext.com/docs/integration/express.js/
Apache License 2.0

High security issue - command injection #3

Closed roelsgaard closed 4 years ago

roelsgaard commented 4 years ago

It looks like you use node-df. However, node-df has a serious vulnerability for command injections and currently there is no fix for this. I would strongly suggest to find an alternative or leave out the package altogether until it is fixed. https://www.npmjs.com/advisories/1431

otisg commented 4 years ago

Hey @roelsgaard, thanks for pointing that out. We will be replacing node-df shortly.

adnanrahic commented 4 years ago

Hi @roelsgaard! We'll remove node-df this week. I'll make a note to let you know once we release a new version of the agent. Thanks again for opening this issue!

adnanrahic commented 4 years ago

Hey! We've released a new version of the agent without the node-df dependency. Closing this issue.