temp-file-viewer
Temporary file sharing relay station
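Detected that mrdear/temp-file-viewer introduces 6 open-source components in total, with 61 vulnerabilities

```
Vulnerability title: FasterXML jackson-databind code issue vulnerability
Affected component: com.fasterxml.jackson.core:[email protected]
Vulnerability ID: CVE-2018-11307
Vulnerability description: FasterXML jackson-databind is a Java-based library that converts data formats such as XML and JSON to and from Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, and can likewise convert JSON and XML into Java objects. A security vulnerability exists in FasterXML jackson-databind versions before 2.7.9.4, before 2.8.11.2, and before 2.9.6. An attacker can exploit this vulnerability to bypass data access restrictions and obtain sensitive information.
National vulnerability database information: https://www.cnvd.org.cn/flaw/show/CNVD-2019-37154
Affected range: [2.8.0, 2.8.11.2)
Minimum fixed version: 2.8.11.2
Dependency path of the affected component: cn.ifreehub:[email protected]>io.jsonwebtoken:[email protected]>com.fasterxml.jackson.core:[email protected]
```

There are 61 further vulnerabilities; detailed report: https://mofeisec.com/jr?p=idc411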
Bumps [karma](https://github.com/karma-runner/karma) from 1.7.1 to 6.3.16. Release notes Sourced from karma's releases. v6.3.16 6.3.16 (2022-02-10) Bug Fixes security: mitigate the "Open Redirect Vulnerability" (ff7edbb) v6.3.15 6.3.15 (2022-02-05) Bug Fixes helper:...
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.5.0 to 1.14.8. Commits 3d81dc3 Release version 1.14.8 of the npm package. 62e546a Drop confidential headers across schemes. 2ede36d Release version 1.14.7 of the npm package. 8b347cb...
Bumps [chownr](https://github.com/isaacs/chownr) from 1.0.1 to 1.1.4. Commits 814f642 1.1.4 a0d7ae0 push to github before npm 1a3667a ignore stuff 147eac4 Full tests, handle errors properly in many cases 578fb9f update tap,...
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.5 to 1.0.7. Commits See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [dns-packet](https://github.com/mafintosh/dns-packet) from 1.3.1 to 1.3.4. Commits ebdf849 1.3.4 ac57872 move all allocUnsafes to allocs for easier maintenance c64c950 1.3.3 0598ba1 fix .. in encodingLength 010aedb 1.3.2 0d0d593 backport encodingLength...
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.6.0 to 2.8.9. Changelog Sourced from hosted-git-info's changelog. 2.8.9 (2021-04-07) Bug Fixes backport regex fix from #76 (29adfe5), closes #84 2.8.8 (2020-02-29) Bug Fixes #61 & #65...
Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.0.11 to 4.7.7. Changelog Sourced from handlebars's changelog. v4.7.7 - February 15th, 2021 fix weird error in integration tests - eb860c0 fix: check prototype property access in...
Bumps [guava](https://github.com/google/guava) from 24.0-jre to 29.0-jre. Release notes Sourced from guava's releases. 29.0 Maven <dependency> <groupId>com.google.guava</groupId> <artifactId>guava</artifactId> <version>29.0-jre</version> <!-- or, for Android: --> <version>29.0-android</version> </dependency> Javadoc 29.0-jre 29.0-android JDiff 29.0-jre...
Bumps [y18n](https://github.com/yargs/y18n) from 3.2.1 to 3.2.2. Commits See full diff in compare view Maintainer changes This version was pushed to npm by oss-bot, a new releaser for y18n since your...