[jira] [Commented] (CB-7736) Vulnerability in qs dependency

ASF GitHub Bot (JIRA) Thu, 27 Nov 2014 05:09:03 -0800

    [ 
https://issues.apache.org/jira/browse/CB-7736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14227629#comment-14227629
 ]


ASF GitHub Bot commented on CB-7736:
------------------------------------

Github user kant2002 closed the pull request at:

    https://github.com/apache/cordova-lib/pull/113


> Vulnerability in qs dependency
> ------------------------------
>
>                 Key: CB-7736
>                 URL: https://issues.apache.org/jira/browse/CB-7736
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: CLI
>    Affects Versions: 3.6.0
>            Reporter: Victor Adrian Sosa Herrera
>            Priority: Critical
>
> There is a very well documented vulnerability issue in the qs module that 
> comes as a dependency in request in cordova-cli
> https://nodesecurity.io/advisories/qs_dos_memory_exhaustion
> Here the tree of modules
> [email protected]
> ┬ [email protected]
> ├─┬ [email protected]
> │ └─┬ [email protected]
> │   └── [email protected]
> └─┬ [email protected]
>   └── [email protected]
> Even though the tree says it is in a Cordova 3.5.0, the same versions are 
> found in 3.6.3



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (CB-7736) Vulnerability in qs dependency

Reply via email to