shorwood / strapi-provider-upload-do

Strapi Upload Provider for Digital Ocean Spaces. This provider will upload to the space using the AWS S3 API.
MIT License

Please upgrade urijs => 1.19.10 #18

Open snappytux opened 1 year ago

snappytux commented 1 year ago

I use dependency-scan and it worked out like this.

urijs  <=1.19.10
Severity: high
Incorrect protocol extraction via \r, \n and \t characters - https://github.com/advisories/GHSA-3vjf-82ff-p4r3
URL Confusion When Scheme Not Supplied in medialize/uri.js - https://github.com/advisories/GHSA-g694-m8vq-gv9h
Hostname spoofing via backslashes in URL  - https://github.com/advisories/GHSA-89gv-h8wf-cg8r
Open Redirect in urijs - https://github.com/advisories/GHSA-8h2f-7jc4-7m3m
Leading white space bypasses protocol validation - https://github.com/advisories/GHSA-gmv4-r438-p67f
Authorization Bypass Through User-Controlled Key in urijs - https://github.com/advisories/GHSA-gcv8-gh4r-25x6

Please upgrade urijs to more than 1.19.10.