You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We're using tar-pack v1.6.1 as a dependency in our project.
As a part of Black Duck scan, the below issue has been identified:
"Node.js is vulnerable to a remote code execution (RCE). This allows a malicious site to perform code execution on a machine running the Node.js process."
This is coming because of the peer dependency tar v2.2.2 which is a very old version.
So, can you please have a look at this ?
The text was updated successfully, but these errors were encountered:
Hi,
We're using tar-pack v1.6.1 as a dependency in our project.
As a part of Black Duck scan, the below issue has been identified:
"Node.js is vulnerable to a remote code execution (RCE). This allows a malicious site to perform code execution on a machine running the Node.js process."
This is coming because of the peer dependency tar v2.2.2 which is a very old version.
So, can you please have a look at this ?
The text was updated successfully, but these errors were encountered: