plugin-gateway
Console UI plugin that can display its own UI as well as the UIs of other plugins, and provides access through an HTTP API.
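Detected that Monibuca/plugin-gateway pulls in 47 open-source components in total, with 1 vulnerability.

```
Vulnerability title: go-yaml < 2.2.8 denial-of-service vulnerability
Affected component: gopkg.in/[email protected]
Vulnerability ID: CVE-2019-11254
Description: gopkg.in/yaml.v2 is a Go package for processing YAML. In versions before 2.2.8, processing malicious YAML data exhausts CPU resources. The vulnerability was found by Kubernetes developers during fuzz testing, and they submitted a fix.
National vulnerability database entry: https://www.cnvd.org.cn/flaw/show/CNVD-2020-35519
Affected range: (∞, 2.2.8)
Minimum fixed version: 2.2.8
Dependency path of the affected component: github.com/Monibuca/plugin-gateway/v3@->gopkg.in/[email protected]
```

There are also several other vulnerabilities; detailed report: https://mofeisec.com/jr?p=aa42bd

See the [go issue](https://github.com/golang/go/issues/32350) for details.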
Bumps [highlight.js](https://github.com/highlightjs/highlight.js) from 9.18.1 to 9.18.5. Changelog Sourced from highlight.js's changelog. Release v9.18.5 Version 9 has reached end-of-support and will not receive future updates or fixes. Please see VERSION_10_UPGRADE.md and...
Bumps [http-proxy](https://github.com/http-party/node-http-proxy) from 1.18.0 to 1.18.1. Changelog Sourced from http-proxy's changelog. v1.18.1 - 2020-05-17 Merged Skip sending the proxyReq event when the expect header is present [#1447](https://github.com/http-party/node-http-proxy/issues/1447) Remove node6 support,...
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3. Commits 8647803 6.5.3 856fe4d signature: prevent malleability and overflows See full diff in compare view [](https://help.github.com/articles/configuring-automated-security-fixes) Dependabot will resolve any conflicts with...
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19. Release notes Sourced from lodash's releases. 4.17.16 Commits d7fbc52 Bump to v4.17.19 2e1c0f2 Add npm-package 1b6c282 Bump to v4.17.18 a370ac8 Bump to v4.17.17 1144918...
Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4. Changelog Sourced from websocket-extensions's changelog. 0.1.4 / 2020-06-02 Remove a ReDoS vulnerability in the header parser (CVE-2020-7662, reported by Robert McLaughlin) Change license from...