This repository was archived by the owner on Nov 16, 2023. It is now read-only.
This repository was archived by the owner on Nov 16, 2023. It is now read-only.
Versions of eslint-utils >=1.2.0 or <1.4.1 are vulnerable to Arbitrary Code Execution. #30
Open
Description
USERui-MacBook-Pro:driver-license user$ npm audit --registry=https://registry.npmjs.org
=== npm audit security report ===
# Run npm update eslint-utils --depth 3 to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical │ Arbitrary Code Execution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ eslint-utils │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ eslint-config-naver [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ eslint-config-naver > eslint > eslint-utils │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 critical severity vulnerability in 901864 scanned packages
run `npm audit fix` to fix 1 of them.https://www.npmjs.com/advisories/1118
https://github.com/naver/eslint-config-naver/blob/master/package-lock.json#L223
Metadata
Metadata
Assignees
Labels
No labels