You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cordova.apache.org by GitBox <gi...@apache.org> on 2019/03/11 05:08:04 UTC

[GitHub] [cordova-ios] williamhilldevs opened a new issue #568: Snyk: High severity vulnerability found in cordova-ios - Open Redirection

williamhilldevs opened a new issue #568: Snyk: High severity vulnerability found in cordova-ios - Open Redirection  
URL: https://github.com/apache/cordova-ios/issues/568
 
 
   # Bug Report
   
   ## Problem
   
   Snyk (https://www.npmjs.com/package/snyk) querying a database of known vulnerabilities revealed this critical security vulnerability:
   
   ```
   ✗ High severity vulnerability found in cordova-ios
     Description: Open Redirection
     Info: https://snyk.io/vuln/npm:cordova-ios:20170207
     Introduced through: cordova-ios@5.0.0
     From: cordova-ios@5.0.0
   ```
   
   ### What is expected to happen?
   No security vulnerabilities should be found by Snyk
   
   
   ### What does actually happen?
   High severity security vulnerability found by Snyk
   
   ## Information
   
   **Steps to reproduce:**
   - Add latest version of cordova-ios to a package.json file
   - Install npm snyk
   - Run snyk test
   
   ### Command or Code
   See above
   
   ### Environment, Platform, Device
   Any
   
   ### Version information
   
   This is the case both for
   `"cordova-ios": "^4.0.0",`
   and
   `"cordova-ios": "^5.0.0",`.
   
   
   ## Checklist
   <!-- Please check the boxes by putting an x in the [ ] like so: [x] -->
   
   - [ x] I searched for existing GitHub issues
   - [ x] I updated all Cordova tooling to most recent version
   - [ x] I included all the necessary information above
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org