Hello,
Component: Node.js
Package: on-headers
Affected Version: 1.0.2
Used In: Node-RED 4.0.9
Impact:
Description:
The on-headers package (version 1.0.2) used in the Node-red version 4.0.9 is known to have security vulnerabilities that could lead to data exposure or unintended data manipulation
References:
Hi,
Node-RED 4.1.0 was released this week that includes updates for this.
For future reference, please follow the project’s security policy for reporting anything security related: GitHub - node-red/node-red: Low-code programming for event-driven applications rather than publish to public forum.
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy