paulyoung / fontello-cli

Command line interface for fontello.

Vulnerabilities found (1 high, 1 critical)

kayvanbree opened this issue

Just run npm audit:

=== npm audit security report ===                        
                                                                                
                                                                                
                                 Manual Review                                  
             Some vulnerabilities require your attention to resolve             
                                                                                
          Visit https://go.npm.me/audit-guide for additional guidance           
                                                                                
                                                                                
  Critical        Command Injection                                             
                                                                                
  Package         open                                                          
                                                                                
  Patched in      >0.0.5                                                        
                                                                                
  Dependency of   fontello-cli [dev]                                            
                                                                                
  Path            fontello-cli > open                                           
                                                                                
  More info       https://nodesecurity.io/advisories/663                        
                                                                                
                                                                                
  High            Arbitrary File Overwrite                                      
                                                                                
  Package         fstream                                                       
                                                                                
  Patched in      >=1.0.12                                                      
                                                                                
  Dependency of   fontello-cli [dev]                                            
                                                                                
  Path            fontello-cli > unzip > fstream                                
                                                                                
  More info       https://nodesecurity.io/advisories/886                        
                                                                                
found 2 vulnerabilities (1 high, 1 critical) in 81 scanned packages
  2 vulnerabilities require manual review. See the full report for details.

Resolved in #35