You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
cookie <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
No fix available
node_modules/cookie
express >=3.0.0-alpha1
Depends on vulnerable versions of cookie
node_modules/express
webpack-dev-server *
Depends on vulnerable versions of express
node_modules/webpack-dev-server
3 low severity vulnerabilities
Platform
Chrome (or Chromium based)
Firefox
Safari
Other desktop browser
Android browser
iOS browser
Electron app
Android mobile app
iOS mobile app
Custom app using a mobile SDK
Browser / app / sdk version
2.0.9753
Relevant log output
No response
Reproducibility
The problem is reproducible on meet.jit.si
More details?
When webpack-dev-server has updated to a version of express that is not vulnerable anymore, the fix is as simple as increasing the version in package.json.
Express already has a PR that addresses that. As such this is already in motion: expressjs/express#6017
The text was updated successfully, but these errors were encountered:
What happened?
Due to GHSA-pxg6-pf52-xh8x currently Jitsi cannot be installed from source.
Platform
Browser / app / sdk version
2.0.9753
Relevant log output
No response
Reproducibility
More details?
When webpack-dev-server has updated to a version of express that is not vulnerable anymore, the fix is as simple as increasing the version in
package.json
.Express already has a PR that addresses that. As such this is already in motion: expressjs/express#6017
The text was updated successfully, but these errors were encountered: