fxa/packages/fxa-content-server/.nsprc


{
"comment_532": "532 is RegExp denial of service caused by convict. See https://github.com/mozilla/fxa-content-server/issues/6445 about updating convict",
"comment_577": "577 is prototype pollution in lodash, used by convict, grunt-usemin, grunt-z-schema.",
"comment_745": "745 is RegExp denial of service caused by grunt-remarkable.",
"comment_782": "782 is prototype pollution in lodash, used by convict, grunt-usemin, grunt-z-schema.",
"comment_786": "786 is RegExp denial of service caused by braces in babel-cli, dev-dep",
"comment_961": "961 is a DOS against node-sass",
"comment_1065": "1065 is prototype pollution in lodash, used by convict, grunt-usemin, grunt-z-schema.",
"comment_1084": "1084 is denial of service in mem, caused by cache entries not being removed even with the maxAge prop",
"comment_1179": "1179 is prototype pollution in minimist, used by eslint, grunt, webpack, i18n-abide, and handlebars. See https://github.com/mozilla/fxa/issues/4592 to investigate whether handlebars might have a vulnerability.",
"comment_1426": "1426 is Cross-Site Scripting (XSS) in serialize-javascript, used by uglifyjs-webpack-plugin",
"comment_1217": "1217 is an arbitrary file write issue in decompress, used by @theintern/digdug",
"comment_1488": "1488 is DoS against acorn, used in i18n libraries, grunt-sass-lint, and webpack. It only applies if untrusted user content is passed in.",
"comment_1500": "1500 is prototype pollution in yargs-parser, used by node-sass, postcss-cli, and two pinned deps identified only by git SHA. Shouldn't affect us, as untrusted input is never passed via CLI.",
"exceptions": [
"https://npmjs.com/advisories/532",
"https://npmjs.com/advisories/577",
"https://npmjs.com/advisories/745",
"https://npmjs.com/advisories/782",
"https://npmjs.com/advisories/786",
"https://npmjs.com/advisories/961",
"https://npmjs.com/advisories/1065",
"https://npmjs.com/advisories/1084",
"https://npmjs.com/advisories/1179",
"https://npmjs.com/advisories/1217",
"https://npmjs.com/advisories/1426",
"https://npmjs.com/advisories/1488",
"https://npmjs.com/advisories/1500"
]
}