
Vulnerability in dependency for Yo #780

@smartguest


Type of issue

BUG

In a scan for one of our repos, we found a security issue inside Yo where "http-cache-semantics" is vulnerable to Regular Expression D-O-S:

CVE-2022-25881

This is caused by a transitive dependency found in the current version of Yo:

"yo@4.3.0 requires http-cache-semantics@3.8.1 via a transitive dependency on cacheable-request@2.1.4"

The version of "http-cache-semantics" that is secure is 4.1.1.

Updating to Yo 4.3.1 did not fix this issue.

My environment

  • OS version/details: Windows 10 64-bit
  • Node version: 16.8.1 (run node --version in your terminal)
  • npm version: 8.12.1 (run npm --version in your terminal)
  • Version of yo: 4.3.1 (run yo --version in your terminal)
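
As an added example that is not part of the original issue or of the Yo project: a Node.js script that walks an npm lockfile and reports every dependency chain ending at an install of http-cache-semantics older than 4.1.1, which is how to confirm whether an upgrade actually removed the transitive copy. It assumes the lockfileVersion 2/3 "packages" layout and plain x.y.z versions; the lockfile excerpt is constructed, and "intermediate-placeholder" is a hypothetical name.

```javascript
// Constructed lockfile excerpt (npm lockfileVersion 2/3 "packages" layout).
// "intermediate-placeholder" is a hypothetical stand-in for whatever sits
// between yo and cacheable-request; the issue does not name those packages.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", dependencies: { yo: "4.3.0" } },
  "node_modules/yo": { version: "4.3.0", dependencies: { "intermediate-placeholder": "1.0.0" } },
  "node_modules/intermediate-placeholder": { version: "1.0.0", dependencies: { "cacheable-request": "2.1.4" } },
  "node_modules/cacheable-request": { version: "2.1.4", dependencies: { "http-cache-semantics": "3.8.1" } },
  "node_modules/http-cache-semantics": { version: "3.8.1" },
} };

// Compare plain x.y.z versions (assumption: no pre-release tags); true when a < b.
function versionLessThan(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// Node-style resolution: look in the requirer's own node_modules, then walk up.
function resolveDep(packages, fromPath, dep) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null; // reached the project root without a match
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Depth-first walk from the root project; returns every dependency chain
// that ends at an install of `name` older than `fixedVersion`.
function findVulnerableChains(lock, name, fixedVersion) {
  const packages = lock.packages, chains = [];
  const walk = (path, trail, seen) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
                   ...(path === "" ? pkg.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const target = resolveDep(packages, path, dep);
      if (!target || seen.has(target)) continue; // missing or cyclic
      const version = packages[target].version;
      const step = [...trail, `${dep}@${version}`];
      if (dep === name && versionLessThan(version, fixedVersion)) chains.push(step.join(" > "));
      walk(target, step, new Set(seen).add(target));
    }
  };
  walk("", [], new Set([""]));
  return chains;
}

console.log(findVulnerableChains(sampleLock, "http-cache-semantics", "4.1.1"));
```

An empty result after an upgrade means no install of the package below the fixed version is still reachable from the project root.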
