Vulnerabilities detected while installation #4
Description
Hi,
i've got several error messages while installation npm install. FullpageOs> 2025-04-01_2024-11-19-fullpageos-bookworm-armhf-lite-0.14.0
_npm WARN old lockfile
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile
added 58 packages, and audited 59 packages in 3s
8 packages are looking for funding
run npm fund for details
6 vulnerabilities (3 low, 3 high)
To address all issues, run:
npm audit fix
Run npm audit for details.
body-parser <1.20.3
Severity: high
body-parser vulnerable to denial of service when url encoding is enabled - GHSA-qwcr-r2fm-qrc7
npm audit report
body-parser <1.20.3
Severity: high
body-parser vulnerable to denial of service when url encoding is enabled - GHSA-qwcr-r2fm-qrc7
fix available via npm audit fix
node_modules/body-parser
express <=4.21.0 || 5.0.0-alpha.1 - 5.0.0
Depends on vulnerable versions of body-parser
Depends on vulnerable versions of cookie
Depends on vulnerable versions of path-to-regexp
Depends on vulnerable versions of send
Depends on vulnerable versions of serve-static
node_modules/express
cookie <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - GHSA-pxg6-pf52-xh8x
fix available via npm audit fix
node_modules/cookie
path-to-regexp <=0.1.11
Severity: high
path-to-regexp outputs backtracking regular expressions - GHSA-9wv6-86v2-598j
path-to-regexp contains a ReDoS - GHSA-rhx6-c78j-4q9w
fix available via npm audit fix
node_modules/path-to-regexp
send <0.19.0
send vulnerable to template injection that can lead to XSS - GHSA-m6fv-jmcg-4jfg
fix available via npm audit fix
node_modules/send
serve-static <=1.16.0
Depends on vulnerable versions of send
node_modules/serve-static
6 vulnerabilities (3 low, 3 high)
To address all issues, run:
npm audit fix_