[ https://issues.apache.org/jira/browse/CB-7736?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Victor Adrian Sosa Herrera updated CB-7736: ------------------------------------------- Component/s: (was: CordovaLib) CLI > Vulnerability in qs dependency > ------------------------------ > > Key: CB-7736 > URL: https://issues.apache.org/jira/browse/CB-7736 > Project: Apache Cordova > Issue Type: Bug > Components: CLI > Affects Versions: 3.6.0 > Reporter: Victor Adrian Sosa Herrera > Priority: Critical > > There is a very well documented vulnerability issue in the qs module that > comes as a dependency in request in cordova-cli > https://nodesecurity.io/advisories/qs_dos_memory_exhaustion > Here the tree of modules > cordova@3.5.0-0.2.6 > ┬ cordova-lib@0.21.6 > ├─┬ npm@1.3.4 > │ └─┬ request@2.21.0 > │ └── qs@0.6.5 > └─┬ request@2.22.0 > └── qs@0.6.6 > Even though the tree says it is in a Cordova 3.5.0, the same versions are > found in 3.6.3 -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org