You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While running npm audit I got vulnerabilities from express brute through underscore. I saw some discussion here about changing underscore for 2.0, so I guess this issue won't be open for long. Maybe updating underscore from 1.8.3 to 1.12.0 for express-brute 1.0.2 may do the trick, but I didn't take the time to be sure.
# npm audit report
express-brute *
Severity: high
Rate Limiting Bypass in express-brute - https://github.com/advisories/GHSA-984p-xq9m-4rjw
Depends on vulnerable versions of underscore
No fix available
node_modules/express-brute
underscore 1.3.2 - 1.12.0
Severity: high
Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
No fix available
node_modules/express-brute/node_modules/underscore
express-brute *
Depends on vulnerable versions of underscore
node_modules/express-brute
2 high severity vulnerabilities
The text was updated successfully, but these errors were encountered:
While running npm audit I got vulnerabilities from express brute through underscore. I saw some discussion here about changing underscore for 2.0, so I guess this issue won't be open for long. Maybe updating underscore from 1.8.3 to 1.12.0 for express-brute 1.0.2 may do the trick, but I didn't take the time to be sure.
The text was updated successfully, but these errors were encountered: