Urgent: Black Duck Vulnerability Fix Needed for 'vue-template-compiler'

Question

Urgent: Black Duck Vulnerability Fix Needed for 'vue-template-compiler'

skumar5a9 opened this issue a year ago · 1 comments

skumar5a9 commented a year ago

Version

2.7.16

Reproduction link

security.snyk.io

Steps to reproduce

Hi ,

Could you please address the Black Duck vulnerability in the vue-template-compiler package as soon as possible? It's crucial that we resolve this issue and make the updated package available at your earliest convenience.

https://security.snyk.io/package/npm/vue-template-compiler

Thank you for your prompt attention to this matter.

Best regards,
Kumar

What is expected?

Required new version of 'vue-template-compiler' with zero vulnerabilities

What is actually happening?

Black Duck vulnerability is coming

Answer 1 · 2024-08-15T16:35:45.000Z

This CVE was reported a few weeks ago but it seems to be wrong (it says the problem exists since 2.0.0 but doesn't show how to do it). It will likely be removed by snyk. Right now it's still at proof of concept state. What you can do is use the "Found a mistake" button if the snyk report matters to you