Security vulnerability of medium severity in react script module for inflight transitive dependency
When I created a Create React App project, I found a medium security vulnerability in the inflight library https://www.npmjs.com/package/inflight?activeTab=versions; the details are below.
Veracode Software Composition Analysis(SCA) scan screenshot
SRCCLR-SID-41137
Memory Leak: inflight is vulnerable to a Memory Leak. The vulnerability is due to lack of restrictions on how many callbacks the library can concurrently support, which can result in a NodeJS out of heap memory crash.
We scanned using a licensed version of the Veracode tool.
Inflight is no longer maintained, and the latest react-scripts version, 5.0.1, has this vulnerability.
Please let us know if this can be fixed or if there is any workaround.
Any update on this?
I too am required to fix this vulnerability.
Help me please
Any updates on this?
Is anybody working on this?
Are you sure this comes from react-scripts? Check under the Dependency Graph section of the Veracode SCA scan.
For me it came from eslint package and react scripts had no issue. If for anyone else it is the eslint package then here's how I sorted it out:
https://dev.to/thecodeinfluencer/possible-fix-inflight-reported-as-a-vulnerability-in-react-project-veracode-sca-2b1h
npm ls inflight
Also, this explanation may be useful: https://github.com/facebook/create-react-app/issues/11174#issue-935928547
https://github.com/facebook/create-react-app/blob/main/package-lock.json#L15116
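
An added example (not from this thread or the create-react-app project) that answers the question raised above, whether inflight arrives through react-scripts or through eslint, directly from package-lock.json. It assumes lockfileVersion 2 or 3 (a `packages` map); `resolveDep`, `findIntroducers` and the sample lockfile are constructed for illustration.

```javascript
// Resolve `name` as Node does from `fromPath`: nearest node_modules first, then upward.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf('/node_modules/');
    base = i === -1 ? '' : base.slice(0, i);
  }
}

// For each direct dependency of the project, breadth-first search the lockfile
// graph and record the shortest chain that reaches `target`, if there is one.
function findIntroducers(lock, target) {
  const packages = lock.packages || {};
  const root = packages[''] || {};
  const result = {};
  for (const top of Object.keys({ ...root.dependencies, ...root.devDependencies })) {
    const start = resolveDep(packages, '', top);
    if (!start) continue;
    const queue = [[start, [top]]];
    const seen = new Set([start]);
    while (queue.length) {
      const [path, chain] = queue.shift();
      if (chain[chain.length - 1] === target) {
        result[top] = chain.join(' > ') + '@' + packages[path].version;
        break;
      }
      const deps = { ...packages[path].dependencies, ...packages[path].optionalDependencies };
      for (const name of Object.keys(deps)) {
        const next = resolveDep(packages, path, name);
        if (next && !seen.has(next)) { seen.add(next); queue.push([next, [...chain, name]]); }
      }
    }
  }
  return result;
}

// Constructed sample lockfile: shortened graph, placeholder versions.
const sampleLock = { lockfileVersion: 3, packages: {
  '': { dependencies: { react: '*' }, devDependencies: { eslint: '*' } },
  'node_modules/react': { version: '0.0.1' },
  'node_modules/eslint': { version: '0.0.2', dependencies: { rimraf: '*' } },
  'node_modules/rimraf': { version: '0.0.3', dependencies: { glob: '*' } },
  'node_modules/rimraf/node_modules/glob': { version: '0.0.4', dependencies: { inflight: '*' } },
  'node_modules/glob': { version: '0.0.5' }, // hoisted copy that does not use inflight
  'node_modules/inflight': { version: '0.0.6' },
} };
console.log(findIntroducers(sampleLock, 'inflight'));
```

To run it on a real project, replace `sampleLock` with the parsed contents of that project's package-lock.json. Each key in the result is a direct dependency to upgrade, replace or override.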