react-datamaps

Vulnerabilities issue

Open garyhlai opened this issue 7 years ago • 1 comments

There are two vulnerability issues: "Missing Origin Validation" and "Command Injection." If I try to fix them by running "npm install --save-dev [email protected]", it will break the code. Help please?

garyhlai Jan 03 '19 22:01

The good news is that the published react-datamaps package doesn’t depend on webpack-dev-server at all. It’s just the examples, which don’t get published, that use the old version. That also makes this much less severe since the vulnerability won’t be part of any production system. If you’re interested in fixing this, I’d welcome a pull request that upgrades the examples to use the latest webpack and webpack-dev-server!

btmills Jan 05 '19 16:01