Giters

notifme / notifme-sdk

A Node.js library to send all kinds of transactional notifications.

Home Page:https://notifme.github.io/www/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

nsp fails notifme-sdk due to https://nodesecurity.io/advisories/566

TomSpeed opened this issue · comments

commented

(+) 1 vulnerability found

Prototype pollution attack

Name: hoek
CVSS: 4 (Medium)
Installed: 2.16.3
Vulnerable: <= 4.2.0 || >= 5.0.0 < 5.0.3
Patched: > 4.2.0 < 5.0.0 || >= 5.0.3
Path: notifme-sdk@1.6.0 > node-pushnotifications@1.0.18 > node-gcm@0.14.10 > request@2.81.0 > hawk@3.1.3 > hoek@2.16.3
More Info: https://nodesecurity.io/advisories/566