You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by GitBox <gi...@apache.org> on 2019/03/11 05:19:46 UTC
[GitHub] [cordova-ios] gabriele-sacchi opened a new issue #570: Snyk: High
severity vulnerability found in cordova-ios -> Open Redirection
gabriele-sacchi opened a new issue #570: Snyk: High severity vulnerability found in cordova-ios -> Open Redirection
URL: https://github.com/apache/cordova-ios/issues/570
# Bug Report
## Problem
Snyk (https://www.npmjs.com/package/snyk) querying a database of known vulnerabilities revealed this critical security vulnerability:
```
✗ High severity vulnerability found in cordova-ios
Description: Open Redirection
Info: https://snyk.io/vuln/npm:cordova-ios:20170207
Introduced through: cordova-ios@5.0.0
From: cordova-ios@5.0.0
```
### What is expected to happen?
No security vulnerabilities should be found by Snyk
### What does actually happen?
High severity security vulnerability found by Snyk
## Information
**Steps to reproduce:**
- Add latest version of cordova-ios to a package.json file
- Install `npm snyk`
- Run `snyk test`
### Command or Code
See above
### Environment, Platform, Device
Any
### Version information
This is the case both for
`"cordova-ios": "^4.0.0",`
and
`"cordova-ios": "^5.0.0",`.
## Checklist
<!-- Please check the boxes by putting an x in the [ ] like so: [x] -->
- [ x] I searched for existing GitHub issues
- [ x] I updated all Cordova tooling to most recent version
- [ x] I included all the necessary information above
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org