siesta-lite - NPM 7 vulnerabilities (1 moderate, 5 high, 1 critical)
Posted: Sun Feb 23, 2020 12:20 pm
There are several vulnerability errors in npm when using Siesta.
Any ideas on fixes? It seems that all is coming from the handlebars package.
package.json
{
"devDependencies": {},
"scripts": {},
"dependencies": {
"siesta-lite": "^5.3.1"
}
}
npm i siesta-lite
npm WARN saveError ENOENT: no such file or directory, open 'd:\Projects\espos\tt\package.json'
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN enoent ENOENT: no such file or directory, open 'd:\Projects\espos\tt\package.json'
npm WARN tt No description
npm WARN tt No repository field.
npm WARN tt No README data
npm WARN tt No license field.
+ siesta-lite@5.3.1
added 326 packages from 162 contributors and audited 660 packages in 11.411s
1 package is looking for funding
run `npm fund` for details
found 7 vulnerabilities (1 moderate, 5 high, 1 critical)
run `npm audit fix` to fix them, or `npm audit` for details
npm audit
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Critical Prototype Pollution
Package handlebars
Patched in >=4.0.14 <4.1.0 || >=4.1.2
Dependency of siesta-lite
Path siesta-lite > nyc > istanbul-reports > handlebars
More info https://npmjs.com/advisories/755
High Prototype Pollution
Package handlebars
Patched in >=4.3.0
Dependency of siesta-lite
Path siesta-lite > nyc > istanbul-reports > handlebars
More info https://npmjs.com/advisories/1164
Moderate Denial of Service
Package handlebars
Patched in >=4.4.5
Dependency of siesta-lite
Path siesta-lite > nyc > istanbul-reports > handlebars
More info https://npmjs.com/advisories/1300
High Arbitrary Code Execution
Package handlebars
Patched in >=4.5.2
Dependency of siesta-lite
Path siesta-lite > nyc > istanbul-reports > handlebars
More info https://npmjs.com/advisories/1316
High Arbitrary Code Execution
Package handlebars
Patched in >=4.5.3
Dependency of siesta-lite
Path siesta-lite > nyc > istanbul-reports > handlebars
More info https://npmjs.com/advisories/1324
High Prototype Pollution
Package handlebars
Patched in >=4.5.3
Dependency of siesta-lite
Path siesta-lite > nyc > istanbul-reports > handlebars
More info https://npmjs.com/advisories/1325
High Prototype Pollution
Package lodash
Patched in >=4.17.12
Dependency of siesta-lite
Path siesta-lite > nyc > istanbul-reports > handlebars > async > lodash
More info https://npmjs.com/advisories/1065
found 7 vulnerabilities (1 moderate, 5 high, 1 critical) in 660 scanned packages
7 vulnerabilities require manual review. See the full report for details.
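The report above gives, for every advisory, a "Patched in" semver range and the dependency path it sits on. Before forcing a version onto a transitive package, it helps to know which single version would close all of the listed advisories at once, and to be able to re-check a resolved version from package-lock.json against those ranges without re-running the audit. The following is an added example, not code from this post or from Bryntum's Siesta; it carries a tiny semver subset (only the operators that appear in audit ranges: `>=`, `>`, `<`, `<=`, `=`, `||`) so it needs no dependencies, and the advisory table and candidate versions are constructed from the output quoted above.

```javascript
// Added example (not from the forum post or from Siesta): check a resolved
// version against the "Patched in" ranges printed by `npm audit`, and find the
// lowest candidate version that closes every advisory for a package.
// Constructed from the seven advisories in the audit report above.
const ADVISORIES = [
  { pkg: 'handlebars', id: 755,  patched: '>=4.0.14 <4.1.0 || >=4.1.2' },
  { pkg: 'handlebars', id: 1164, patched: '>=4.3.0' },
  { pkg: 'handlebars', id: 1300, patched: '>=4.4.5' },
  { pkg: 'handlebars', id: 1316, patched: '>=4.5.2' },
  { pkg: 'handlebars', id: 1324, patched: '>=4.5.3' },
  { pkg: 'handlebars', id: 1325, patched: '>=4.5.3' },
  { pkg: 'lodash',     id: 1065, patched: '>=4.17.12' },
];

// Parse "major.minor.patch" (optional leading "v"); pre-release tags are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparison, so 4.17.4 < 4.17.11 (a plain string compare gets this wrong).
function compare(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// A range is alternatives separated by "||"; within an alternative every
// whitespace-separated comparator must hold. A bare version means "=".
function satisfies(version, range) {
  return range.split('||').some(alt =>
    alt.trim().split(/\s+/).filter(Boolean).every(comp => {
      const m = /^(>=|<=|>|<|=)?(.+)$/.exec(comp);
      const op = m[1] || '=';
      const c = compare(version, m[2]);
      return { '>=': c >= 0, '<=': c <= 0, '>': c > 0, '<': c < 0, '=': c === 0 }[op];
    }));
}

// Advisory ids that a given resolved version of `pkg` does NOT satisfy.
function unpatched(pkg, version, advisories = ADVISORIES) {
  return advisories
    .filter(a => a.pkg === pkg && !satisfies(version, a.patched))
    .map(a => a.id);
}

// Lowest candidate (e.g. the versions `npm view <pkg> versions` would list)
// that closes every advisory for `pkg`, or null if none does.
function lowestFixedVersion(pkg, candidates, advisories = ADVISORIES) {
  return [...candidates].sort(compare)
    .find(v => unpatched(pkg, v, advisories).length === 0) || null;
}

// Constructed candidate lists; a real run would take the resolved version from
// package-lock.json and the candidates from the registry.
console.log(unpatched('handlebars', '4.0.12'));
console.log(lowestFixedVersion('handlebars', ['4.0.14', '4.1.2', '4.5.2', '4.5.3', '4.7.3']));
console.log(lowestFixedVersion('lodash', ['4.17.4', '4.17.11', '4.17.15']));
```

Two caveats worth keeping in mind when acting on the result. First, the lowest clean handlebars version is dictated by the two advisories patched in `>=4.5.3`, so pinning anything below that only silences part of the report. Second, all seven findings sit under `siesta-lite > nyc > istanbul-reports`, i.e. the coverage reporter's templating, so whether they matter depends on whether that path runs on input you do not control; the audit output alone does not establish that. If the upstream packages have not yet bumped the dependency, the usual ways to force a patched version on a transitive dependency are npm's `overrides` field in package.json (npm 8.3 and later) or Yarn's `resolutions`; on the npm 6 era shown in the post, `npm audit fix` can only move versions within the ranges the intermediate packages declare.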