pac-resolver > netmask high severity vulnerability (upgrade to pac-resolver 4.2.0 to fix it)
klebeer opened this issue
Kleber Ayala commented
The pac-resolver dependency is using netmask version <= 2.0.0; this version has a high severity vulnerability.
More info:
- https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/
- https://npmjs.com/advisories/1658
This bug is patched in netmask 2.0.1 and pac-resolver 4.2.0.
Nathan Rajlich commented
Please check the existing issues first.