[Bug]: ⚠️ High Severity Vulnerability in Rollup Dependency (<2.79.2) #6857
Labels
waiting for author
Further information is requested from the author
Comments
wapatp
added
the
waiting for maintainer
|
@wapatp Can help with a pr? 有兴趣来一个 pr 帮忙解决吗? |
hustcc
added
waiting for author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug / 问题描述
Hi team,
While running npm audit, I encountered a high severity vulnerability in the rollup package bundled within your dependency chain.
Vulnerability: DOM Clobbering Gadget in rollup bundled scripts that leads to XSS
Severity: High
Affected Package: rollup (<2.79.2)
Fix: Upgrade to >=2.79.2
Advisory: GHSA-gcx4-mw62-g8wm
Reproduction link / 复现链接
No response
Steps to Reproduce the Bug or Issue / 重现步骤
No response
Version / 版本
🆕 5.x
OS / 操作系统
Browser / 浏览器
The text was updated successfully, but these errors were encountered: