NodeJS/eslint-utils/1.3.0
Utilities for ESLint plugins.
https://www.npmjs.com/package/eslint-utils
MIT
1 Security Vulnerabilities
Arbitrary Code Execution in eslint-utils
Published date: 2019-08-26T16:59:56Z
CVE: CVE-2019-15657
Links:
- https://github.com/mysticatea/eslint-utils/security/advisories/GHSA-3gx7-xhv7-5mx3
- https://nvd.nist.gov/vuln/detail/CVE-2019-15657
- https://github.com/advisories/GHSA-3gx7-xhv7-5mx3
- https://eslint.org/blog/2019/08/eslint-v6.2.1-released
- https://www.npmjs.com/advisories/1118
- https://github.com/mysticatea/eslint-utils/commit/08158db1c98fd71cf0f32ddefbc147e2620e724c
Versions of eslint-utils
>=1.2.0 or <1.4.1 are vulnerable to Arbitrary Code Execution. The getStaticValue
does not properly sanitize user input allowing attackers to supply malicious input that executes arbitrary code during the linting process. The getStringIfConstant
and getPropertyName
functions are not affected.
Recommendation
Upgrade to version 1.4.1 or later.
Affected versions:
["1.2.0", "1.3.0", "1.3.1", "1.4.0"]
Secure versions:
[0.0.0, 1.0.0, 1.1.0, 1.4.1, 1.4.2, 1.4.3, 2.0.0, 2.1.0, 3.0.0]
Recommendation:
Update to version 3.0.0.
13 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
3.0.0 | MIT | 2021-05-14 - 06:56 | about 3 years | |
2.1.0 | MIT | 2020-06-15 - 12:21 | almost 4 years | |
2.0.0 | MIT | 2019-12-26 - 09:03 | over 4 years | |
1.4.3 | MIT | 2019-10-20 - 12:52 | over 4 years | |
1.4.2 | MIT | 2019-08-20 - 10:29 | over 4 years | |
1.4.1 | MIT | 2019-08-20 - 10:23 | over 4 years | |
1.4.0 | MIT | 1 | 2019-07-14 - 09:08 | almost 5 years |
1.3.1 | MIT | 1 | 2018-06-28 - 10:00 | almost 6 years |
1.3.0 | MIT | 1 | 2018-05-27 - 08:42 | almost 6 years |
1.2.0 | MIT | 1 | 2018-05-08 - 13:38 | about 6 years |
1.1.0 | MIT | 2018-05-04 - 11:54 | about 6 years | |
1.0.0 | MIT | 2018-05-03 - 16:22 | about 6 years | |
0.0.0 | MIT | 2018-05-03 - 15:19 | about 6 years |