[
https://issues.apache.org/jira/browse/CB-7736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14233488#comment-14233488
]
ASF subversion and git services commented on CB-7736:
-----------------------------------------------------
Commit f99de0d2c935c444cf982dfb2d3015bfaa09efe6 in cordova-lib's branch
refs/heads/master from [~kamrik]
[ https://git-wip-us.apache.org/repos/asf?p=cordova-lib.git;h=f99de0d ]
CB-7736 Update npm dep to promote qs module to 1.0
Thanks to Andrey Kurdyumov for pull request.
GitHub: close #125
> Vulnerability in qs dependency
> ------------------------------
>
> Key: CB-7736
> URL: https://issues.apache.org/jira/browse/CB-7736
> Project: Apache Cordova
> Issue Type: Bug
> Components: CLI
> Affects Versions: 3.6.0
> Reporter: Victor Adrian Sosa Herrera
> Priority: Critical
>
> There is a very well documented vulnerability issue in the qs module that
> comes as a dependency in request in cordova-cli
> https://nodesecurity.io/advisories/qs_dos_memory_exhaustion
> Here the tree of modules
> [email protected]
> ┬ [email protected]
> ├─┬ [email protected]
> │ └─┬ [email protected]
> │ └── [email protected]
> └─┬ [email protected]
> └── [email protected]
> Even though the tree says it is in a Cordova 3.5.0, the same versions are
> found in 3.6.3
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
