@sdscoep/web-review/.../web-review@0.1.0 vulnerabilities

A npm package to check the responsiveness of your website and audit it's performance

Direct Vulnerabilities

Known vulnerabilities in the @sdscoep/web-review package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Arbitrary File Read

@sdscoep/web-review is a npm package which will compile reports consisting of multiple criteria.

Affected versions of this package are vulnerable to Arbitrary File Read. It is possible to read arbitrary file by using the "file:///" URI as a url.

PoC

const webReview = require("@sdscoep/web-review");

webReview.exec([
  {
    url: "file:///etc/passwd",
    resolution: ["480x320"],
  }
]);

How to fix Arbitrary File Read?

There is no fixed version for @sdscoep/web-review.

*