Hi,
During my tests and install of 389-ds cockpit plugin via npm I got this
warning:
"overview": "Versions of `handlebars` prior to 4.5.3 are vulnerable to
prototype pollution. It is possible to add or modify properties to the
Object prototype through a malicious template. This may allow attackers to
crash the application or execute Arbitrary Code in specific conditions.",
"recommendation": "Upgrade to version 4.5.3 or later.",
I had to update package-lock.json pointing to the latest version
of handlebars(4.5.3) in order to install it.
Just to let you guys know.
Cheers,
Alberto Viana
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
