[jira] [Updated] (CB-7736) Vulnerability in qs dependency

Victor Adrian Sosa Herrera (JIRA) Wed, 08 Oct 2014 09:29:59 -0700

     [ 
https://issues.apache.org/jira/browse/CB-7736?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Victor Adrian Sosa Herrera updated CB-7736:
-------------------------------------------
    Component/s:     (was: CordovaLib)
                 CLI

> Vulnerability in qs dependency
> ------------------------------
>
>                 Key: CB-7736
>                 URL: https://issues.apache.org/jira/browse/CB-7736
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: CLI
>    Affects Versions: 3.6.0
>            Reporter: Victor Adrian Sosa Herrera
>            Priority: Critical
>
> There is a very well documented vulnerability issue in the qs module that 
> comes as a dependency in request in cordova-cli
> https://nodesecurity.io/advisories/qs_dos_memory_exhaustion
> Here the tree of modules
> cordova@3.5.0-0.2.6
> ┬ cordova-lib@0.21.6
> ├─┬ npm@1.3.4
> │ └─┬ request@2.21.0
> │   └── qs@0.6.5
> └─┬ request@2.22.0
>   └── qs@0.6.6
> Even though the tree says it is in a Cordova 3.5.0, the same versions are 
> found in 3.6.3



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org

[jira] [Updated] (CB-7736) Vulnerability in qs dependency

Reply via email to