Webpack-dev-server: Vulnerability 1012

Created on 12 Jul 2019  路  5Comments  路  Source: webpack/webpack-dev-server

Team,

https://www.npmjs.com/advisories/1012 was just raised today. It looks like it's based in http-proxy-middleware do you guys have an estimate on how long you think it'll take to get a release out that'll resolve this?

it looks like cache-base may be the bottleneck here

picture dalefrancis88
👍2

Most helpful comment

I did, i actually created a PR but i was curious if you guys were actively engaging is all

picture dalefrancis88 on 12 Jul 2019
👍3

All 5 comments

It is development server, so this security problem is not high priority here, also we don't use set-value directly so we can't do something on our side, please open issue in cache-base, sorry

alexander-akait picture alexander-akait on 12 Jul 2019

I did, i actually created a PR but i was curious if you guys were actively engaging is all

dalefrancis88 picture dalefrancis88 on 12 Jul 2019
👍3

Let's keep open for tracking

alexander-akait picture alexander-akait on 12 Jul 2019
👍2

For me it looks like I suddenly went from 0 vulnerabilities to uh... 765? I guess there is 褋ombinatorial explosion involved.
Ok, maybe there is no real vulnerability here. But If there was now, I would have definitely missed it behind these 765.

mixtur picture mixtur on 15 Jul 2019

Problem was on npm side, now we doesn't have any vulnerability, thanks for issue

alexander-akait picture alexander-akait on 15 Jul 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

wojtekmaj picture wojtekmaj  路  3Comments
uMaxmaxmaximus picture uMaxmaxmaximus  路  3Comments
piotrszaredko picture piotrszaredko  路  3Comments
mischkl picture mischkl  路  3Comments
hnqlvs picture hnqlvs  路  3Comments