[jira] [Created] (CB-7736) Vulnerability in qs dependency

[Victor Adrian Sosa Herrera (JIRA)]

Victor Adrian Sosa Herrera created CB-7736:
----------------------------------------------

             Summary: Vulnerability in qs dependency
                 Key: CB-7736
                 URL: https://issues.apache.org/jira/browse/CB-7736
             Project: Apache Cordova
          Issue Type: Bug
          Components: CordovaLib
    Affects Versions: 3.6.0
            Reporter: Victor Adrian Sosa Herrera
            Priority: Critical


There is a very well documented vulnerability issue in the qs module that comes 
as a dependency in request in cordova-cli

https://nodesecurity.io/advisories/qs_dos_memory_exhaustion

Here the tree of modules
cordova@3.5.0-0.2.6
┬ cordova-lib@0.21.6
├─┬ npm@1.3.4
│ └─┬ request@2.21.0
│   └── qs@0.6.5
└─┬ request@2.22.0
  └── qs@0.6.6

Even though the tree says it is in a Cordova 3.5.0, the same versions are found 
in 3.6.3



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org