High NPM Vulnerability

Question

High NPM Vulnerability

Closed this issue 3 years ago · 2 comments

│ High │ Denial of Service │
├───────────────┼────────────────────────────────────────
│ Package │ css-what │
├───────────────┼────────────────────────────────────────
│ Patched in │ >=5.0.1 │
├───────────────┼────────────────────────────────────────
│ Dependency of │ website-scraper │
├───────────────┼────────────────────────────────────────
│ Path │ website-scraper > cheerio > css-select > css-what │
├───────────────┼────────────────────────────────────────

Answer 1 · 2021-06-30T14:48:45.000Z

Hi @earlvhin
Thank you for reporting the issue. It's a vulnerability in one of the dependencies cheeriojs/cheerio#1924, let's wait for a fix from cheerio maintainers

Answer 2 · 2021-08-22T21:15:42.000Z

Vulnerability was fixed in css-what
This security report had wrong version condition because only v4.0.0 and v5.0.0 of css-what were affected, but cheerio(via css-select) used version 2.1.