vulnerability in netmask (CVE-2021-28918) #378
Description
I have a project that depends on [email protected], which seems to be the latest version.
When running yarn audit, this error shows up since a few days ago:
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ netmask npm package vulnerable to octal input data │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ netmask │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=2.0.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ qiniu │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ qiniu > urllib > proxy-agent > pac-proxy-agent > │
│ │ pac-resolver > netmask │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1658 │
└───────────────┴──────────────────────────────────────────────────────────────┘
1 vulnerabilities found - Packages audited: 901
https://www.npmjs.com/advisories/1658
It’d be great to see a new version of qiniu that depends on netmask@^2.0.1. Thank you!