Vulnerabilities

1 via 1 paths

Dependencies

180

Source

GitHub

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0

critical severity
new

Resources Downloaded over Insecure Protocol

  • Vulnerable module: esbuild
  • Introduced through: @intlify/unplugin-vue-i18n@11.2.4

Detailed paths

  • Introduced through: @nuxtjs/i18n@nuxt-modules/i18n @intlify/unplugin-vue-i18n@11.2.4 @intlify/bundle-utils@11.2.4 esbuild@0.25.12

Overview

esbuild is an An extremely fast JavaScript and CSS bundler and minifier.

Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol in the installFromNPM process. An attacker can execute arbitrary code with the privileges of the Deno process by supplying a malicious binary through control of the NPM_CONFIG_REGISTRY environment variable.

Remediation

Upgrade esbuild to version 0.28.1 or higher.

References