π [BUG]: path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j No fix available #11384
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
π bug ζθΏ°
I am using
antd@5.21.4withreact@18.3.1and getting vulnerabilities notification.π· ε€η°ζ₯ιͺ€ | Recurrence steps
$ npm audit
# npm audit report
path-to-regexp 2.0.0 - 3.2.0
Severity: high
path-to-regexp outputs backtracking regular expressions - GHSA-9wv6-86v2-598j
No fix available
node_modules/@refinedev/antd/node_modules/path-to-regexp
@ant-design/pro-layout <=4.3.2 || 4.7.3 - 7.20.0
Depends on vulnerable versions of path-to-regexp
node_modules/@refinedev/antd/node_modules/@ant-design/pro-layout
**@refinedev/antd ***
Depends on vulnerable versions of @ant-design/pro-layout
node_modules/@refinedev/antd
3 high severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
$ npm ls path-to-regexp
my-project
βββ¬ @refinedev/antd@5.43.1
β βββ¬ @ant-design/pro-layout@7.17.12
β βββ path-to-regexp@2.4.0
βββ¬ @refinedev/cli@2.16.39
βββ¬ @refinedev/devtools-server@1.1.37 invalid: "1.1.36" from node_modules/@refinedev/devtools
βββ¬ express@4.21.1
βββ path-to-regexp@0.1.10
$ npm ls send
my-project
βββ¬ @refinedev/cli@2.16.39
βββ¬ @refinedev/devtools-server@1.1.37 invalid: "1.1.36" from node_modules/@refinedev/devtools
βββ¬ express@4.21.1
βββ send@0.19.0
βββ¬ serve-static@1.16.2
βββ send@0.19.0 deduped
π ζζη»ζ | Expected results
π» ε€η°δ»£η | Recurrence code
Β© ηζ¬δΏ‘ζ―
π ε Άδ»δΏ‘ζ―
The text was updated successfully, but these errors were encountered: