react-scripts 4.3.0 vulnerabilities #11123
Labels
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
{{ message }}
after "npm install react-scripts 4.3.0" there are 4 high vulnerabilities
OS: windows 10 64 bit
Reproduction steps: -
execute "npm install react-scripts 4.3.0"
output: -found 8 vulnerabilities (4 moderate, 4 high) in XXX scanned packages
8 vulnerabilities require manual review. See the full report for details.
High Regular Expression Denial of Service
Package normalize-url
Patched in >=4.5.1 <5.0.0 || >=5.3.1 <6.0.0 || >=6.0.1
Patched in >=4.5.1 <5.0.0 || >=5.3.1 <6.0.0 || >=6.0.1
Dependency of react-scripts
Path react-scripts > optimize-css-assets-webpack-plugin > cssnano
> cssnano-preset-default > postcss-normalize-url >
normalize-url
High Regular Expression Denial of Service
Package normalize-url
Patched in >=4.5.1 <5.0.0 || >=5.3.1 <6.0.0 || >=6.0.1
Dependency of react-scripts
Path react-scripts > mini-css-extract-plugin > normalize-url
High Denial of Service
Package css-what
Patched in >=5.0.1
Dependency of react-scripts
Path react-scripts > optimize-css-assets-webpack-plugin > cssnano
> cssnano-preset-default > postcss-svgo > svgo > css-select
> css-what
The text was updated successfully, but these errors were encountered: