Quick research:
https://www.npmjs.com/advisories/612
node-deep-extend popcon = ~1900
apt-cache rdepends node-deep-extend
node-deep-extend
Reverse Depends:
node-rc
the watch file for node-rc is not picking up new releases because upstream uses
the commit message to tag them instead of a
Control: tags -1 + security
Le 08/04/2019 à 00:22, Jeff Cliff a écrit :
> Package: node-deep-extend
> Version: 0.4.1-1
> Severity: important
>
> Dear Maintainer,
>
> As per the ubuntu bug report:
>
> from https://snyk.io/vuln/npm:deep-extend:20180409 :
>
> deep-extend "all the listed modules
Package: node-deep-extend
Version: 0.4.1-1
Severity: important
Dear Maintainer,
As per the ubuntu bug report:
from https://snyk.io/vuln/npm:deep-extend:20180409 :
deep-extend "all the listed modules can be tricked into modifying the prototype
of "Object"
when the attacker control part of
3 matches
Mail list logo