Vulnerability on json-logic-js@2.0.1 dependency of formiojs #4181
Hello, Thank you for taking the time to report this to us. We are unable to identify any listed vulnerabilities against that package. Are you able to provide a link to the CVE? Please note this is also a 100% optional feature. There is no significant loss of functionality from avoiding its usage.
@cmcortez here is the npm audit (although it is triggered from the formio/formio-service package which uses formiojs@2.32.2) On a clean install these are the only warnings coming from the latest formiojs package: Directly installing json-logic-js@2.0.1 does not throw an npm alert either: @cuneytdalan have you checked if you are using an older version of formio.js (maybe you have an outdated package-lock.json file referencing an older json-logic-js package). For more information check https://snyk.io/advisor/npm-package/json-logic-js
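The lockfile check suggested in the comment above, as an added example that is not part of the thread or of the formio project's code: it lists every resolved copy of `json-logic-js` in a parsed `package-lock.json` (both the flat `packages` layout and the older nested `dependencies` layout) and reports copies that differ from the version you expect. The function names are hypothetical, and the sample lockfiles and the `1.0.0` version are constructed for illustration.

```javascript
// Added example (not from the thread): list every resolved copy of a package
// in a parsed package-lock.json. Function names are hypothetical.
function findResolved(lock, name) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name) hits.push({ path: here.join(' > '), version: meta.version });
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Copies whose resolved version differs from the one you expect to be installed.
function unexpectedCopies(lock, name, expected) {
  return findResolved(lock, name).filter((h) => h.version !== expected);
}

// Constructed sample lockfiles (not real project data); "1.0.0" is a placeholder.
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-app' },
    'node_modules/formiojs': { version: '4.12.7' },
    'node_modules/json-logic-js': { version: '2.0.1' },
    'node_modules/formiojs/node_modules/json-logic-js': { version: '1.0.0' },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    formiojs: { version: '4.12.7', dependencies: { 'json-logic-js': { version: '1.0.0' } } },
    'json-logic-js': { version: '2.0.1' },
  },
};

console.log(unexpectedCopies(sampleV3, 'json-logic-js', '2.0.1'));
console.log(unexpectedCopies(sampleV1, 'json-logic-js', '2.0.1'));
```

To run it against a real project, pass the result of `JSON.parse` on the contents of your own `package-lock.json` instead of the sample objects.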
Hello, @airarrazaval, Currently using;
Having the vulnerability on comment: #4181 (comment) Also I think the 3rd party library of json-logic-js is not being maintained enough because I opened this issue there with the link jwadhams/json-logic-js#101 (comment) and they haven't answered me yet. So maybe it would be better to replace json-logic-js lib with another library. Thanks,
We're currently addressing a backlog of GitHub issues. Closing this thread as it is outdated. Please re-open if it is still relevant. Thank you for your contribution!
Hello, when my project is scanned via Fortify Software Security Center, it detects a vulnerability like the following in the json-logic-js dependency of formiojs:
Vulnerability Description : The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
json-logic-js version: 2.0.1
formio version: 4.12.7
@formio/angular version: 5.1.1
framework: Angular
Thanks.