Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Denial of Service in mem #43

Open
S474N opened this issue Feb 2, 2022 · 1 comment
Open

Denial of Service in mem #43

S474N opened this issue Feb 2, 2022 · 1 comment
Assignees
Labels
bug Something isn't working

Comments

@S474N
Copy link

S474N commented Feb 2, 2022

** Describe issue **
npm audit run in cli.

** Screens / Logs **

Moderate        Denial of Service in mem
Package         mem
Patched in      >=4.0.0
Dependency of   node-red-contrib-miio-roborock
Path            node-red-contrib-miio-roborock > miio > yargs > os-locale > mem
More info       https://github.com/advisories/GHSA-4xcv-9jjx-gfj3

** Hardware / Software **
  - Raspberry 4, Raspbian 11 64bit 

  • version of deconz gateway: 2.14.00 / 18. 12. 2021
      - version of node-red-contrib-deconz: 2.3.3
@S474N S474N added the bug Something isn't working label Feb 2, 2022
@S474N
Copy link
Author

S474N commented Feb 2, 2022

And another:

 Moderate         Inefficient Regular Expression Complexity in chalk/ansi-regex
  Package         ansi-regex
  Patched in      >=5.0.1
  Dependency of   node-red-contrib-miio-roborock
  Path            node-red-contrib-miio-roborock > miio > yargs > cliui > strip-ansi > ansi-regex
  More info       https://github.com/advisories/GHSA-93q8-gq69-wqmw
  Moderate         Inefficient Regular Expression Complexity in chalk/ansi-regex
  Package         ansi-regex
  Patched in      >=5.0.1
  Dependency of   node-red-contrib-miio-roborock
  Path            node-red-contrib-miio-roborock > miio > yargs > cliui > string-width > strip-ansi > ansi-regex
  More info       https://github.com/advisories/GHSA-93q8-gq69-wqmw
  Moderate        Prototype Pollution in yargs-parser
  Package         yargs-parser
  Patched in      >=13.1.2
  Dependency of   node-red-contrib-miio-roborock
  Path            node-red-contrib-miio-roborock > miio > yargs > yargs-parser
  More info       https://github.com/advisories/GHSA-p9pc-299p-vxgp

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants