同学，您这个项目引入了1296个开源组件，存在3个漏洞，辛苦升级一下 #1

dependasec · 2022-03-14T13:15:16Z

检测到 hani-q/polygon-start 一共引入了1296个开源组件，存在3个漏洞

漏洞标题：npm node-fetch 安全漏洞
缺陷组件：[email protected]
漏洞编号：CVE-2020-15168
漏洞描述：node-fetch 2.6.1和3.0.0-beta版本中存在安全漏洞。该漏洞源于内容大小超过限制时，将永远不会抛出FetchError。
影响范围：(∞, 2.6.1)
最小修复版本：2.6.1
缺陷组件引入路径：[email protected]>@web3-react/[email protected]>[email protected]>[email protected]>[email protected]>[email protected]
[email protected]>@truffle/[email protected]>@trufflesuite/[email protected]>@trufflesuite/[email protected]>[email protected]>[email protected]
[email protected]>@truffle/[email protected]>@trufflesuite/[email protected]>@trufflesuite/[email protected]>[email protected]>[email protected]
[email protected]>@truffle/[email protected]>@trufflesuite/[email protected]>[email protected]>[email protected]
[email protected]>@web3-react/[email protected]>@walletconnect/[email protected]>@walletconnect/[email protected]>[email protected]>[email protected]

另外还有3个漏洞，详细报告：https://mofeisec.com/jr?p=aafa5c

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

同学，您这个项目引入了1296个开源组件，存在3个漏洞，辛苦升级一下 #1

同学，您这个项目引入了1296个开源组件，存在3个漏洞，辛苦升级一下 #1

dependasec bot commented Mar 14, 2022

同学，您这个项目引入了1296个开源组件，存在3个漏洞，辛苦升级一下 #1

同学，您这个项目引入了1296个开源组件，存在3个漏洞，辛苦升级一下 #1

Comments

dependasec bot commented Mar 14, 2022