Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

同学,您这个项目引入了199个开源组件,存在11个漏洞,辛苦升级一下 #36

Open
dependasec bot opened this issue Mar 14, 2022 · 0 comments

Comments

@dependasec
Copy link

dependasec bot commented Mar 14, 2022

检测到 liuderchi/chattium 一共引入了199个开源组件,存在11个漏洞

漏洞标题:requests 代码注入漏洞
缺陷组件:[email protected]
漏洞编号:CVE-2020-28502
漏洞描述:Dan DeFelippi node-XMLHttpRequest是  (Dan DeFelippi)开源的一个应用软件。用于模拟浏览器XMLHttpRequest对象。
node-XMLHttpRequest before 1.7.0 存在代码注入漏洞,攻击者可利用该漏洞导致任意代码注入并运行。
影响范围:(∞, 1.6.2)
最小修复版本:1.6.2
缺陷组件引入路径:[email protected]>[email protected]>[email protected]>[email protected]>[email protected]

另外还有11个漏洞,详细报告:https://mofeisec.com/jr?p=i81f04

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

0 participants