Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ejs dependency vulnerability #153

Open
frankPairs opened this issue May 22, 2024 · 0 comments · May be fixed by #154
Open

ejs dependency vulnerability #153

frankPairs opened this issue May 22, 2024 · 0 comments · May be fixed by #154

Comments

@frankPairs
Copy link

frankPairs commented May 22, 2024
edited
Loading

Hey everyone!

In our project we are using a vulnerability software to detect possible security vulnerability problems. More concretely, we are using the OWASP project.

On the last run it detected a problem with one of the libraries that you are using on the core package. The dependency that contains the vulnerability is the ejs. This is the report generated by OWASP, so you can check the details:

Screenshot 2024-05-22 at 21 12 52

Would it be possible to update this library in order to solve the vulnerability issue?

Thanks a lot in advance
diego-hourly added a commit to diego-hourly/vite-plugin-html that referenced this issue May 29, 2024
@diego-hourly
fix: issue vbenjs#153
57504a2
@diego-hourly diego-hourly linked a pull request May 29, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: issue #153 diego-hourly/vite-plugin-html
1 participant
@frankPairs