npm install issue : 27 vulnerabilities (16 moderate, 9 high, 2 critical) 要解决所有问题，请运行:npm audit fix --force-6ren

npm install issue : 27 vulnerabilities (16 moderate, 9 high, 2 critical) 要解决所有问题，请运行:npm audit fix --force

转载作者：行者123 更新时间：2023-12-05 03:34:02

当我在相关的 react 项目文件夹中输入 npm install 时，它在安装节点模块后返回此错误

27 vulnerabilities (16 moderate, 9 high, 2 critical)

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

和 npm audit fix --force 给出了这个输出 =>

npm WARN using --force Recommended protections disabled.
npm WARN audit Updating react-scripts to 0.9.5,which is a SemVer major change.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated eslint-loader@1.6.0: This loader has been deprecated. Please use eslint-webpack-plugin
npm WARN deprecated extract-text-webpack-plugin@1.0.1: Deprecated. Please use https://github.com/webpack-contrib/mini-css-extract-plugin
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated sane@1.4.1: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated browserslist@1.7.7: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated chokidar@1.7.0: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated babel-eslint@7.1.1: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated html-webpack-plugin@2.24.0: out of support
npm WARN deprecated svgo@0.7.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm WARN deprecated core-js@2.6.12: core-js@<3.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.

added 395 packages, removed 1253 packages, changed 287 packages, and audited 1099 packages in 3m

22 packages are looking for funding
  run `npm fund` for details

# npm audit report

ansi-html  *
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix --force`
Will install react-scripts@4.0.3, which is a breaking change
node_modules/ansi-html
  react-dev-utils  0.2.0 - 11.0.3
  Depends on vulnerable versions of ansi-html
  node_modules/react-dev-utils
    react-scripts  0.1.0 - 4.0.0-next.117
    Depends on vulnerable versions of eslint-plugin-import
    Depends on vulnerable versions of http-proxy-middleware
    Depends on vulnerable versions of jest
    Depends on vulnerable versions of react-dev-utils
    Depends on vulnerable versions of url-loader
    Depends on vulnerable versions of webpack
    Depends on vulnerable versions of webpack-dev-server
    node_modules/react-scripts

braces  <2.3.1
Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4
fix available via `npm audit fix --force`
Will install react-scripts@4.0.3, which is a breaking change
node_modules/braces
  micromatch  0.2.0 - 2.3.11
  Depends on vulnerable versions of braces
  Depends on vulnerable versions of parse-glob
  node_modules/micromatch
    anymatch  1.2.0 - 1.3.2
    Depends on vulnerable versions of micromatch
    node_modules/anymatch
      chokidar  1.0.0-rc1 - 2.1.8
      Depends on vulnerable versions of anymatch
      Depends on vulnerable versions of glob-parent
      node_modules/chokidar
        watchpack  0.2.2 - 1.6.1
        Depends on vulnerable versions of chokidar
        node_modules/watchpack
    http-proxy-middleware  0.3.0 - 0.17.4
    Depends on vulnerable versions of micromatch
    node_modules/http-proxy-middleware
      react-scripts  0.1.0 - 4.0.0-next.117
      Depends on vulnerable versions of eslint-plugin-import
      Depends on vulnerable versions of http-proxy-middleware
      Depends on vulnerable versions of jest
      Depends on vulnerable versions of react-dev-utils
      Depends on vulnerable versions of url-loader
      Depends on vulnerable versions of webpack
      Depends on vulnerable versions of webpack-dev-server
      node_modules/react-scripts
      webpack-dev-server  <=3.1.10
      Depends on vulnerable versions of http-proxy-middleware
      Depends on vulnerable versions of open
      Depends on vulnerable versions of optimist
      node_modules/webpack-dev-server
    jest-haste-map  16.1.0-alpha.691b0e22 - 24.0.0
    Depends on vulnerable versions of micromatch
    Depends on vulnerable versions of sane
    node_modules/jest-haste-map
      jest-resolve  18.1.0 - 19.0.2
      Depends on vulnerable versions of jest-haste-map
      node_modules/jest-resolve
        jest-cli  0.5.5 - 24.1.0
        Depends on vulnerable versions of jest-config
        Depends on vulnerable versions of jest-resolve
        Depends on vulnerable versions of jest-runtime
        Depends on vulnerable versions of node-notifier
        Depends on vulnerable versions of sane
        Depends on vulnerable versions of yargs
        node_modules/jest-cli
          jest  13.3.0-alpha.4eb0c908 - 23.6.0
          Depends on vulnerable versions of jest-cli
          node_modules/jest
        jest-config  18.1.0 - 19.0.4
        Depends on vulnerable versions of jest-resolve
        node_modules/jest-config
        jest-resolve-dependencies  18.1.0
        Depends on vulnerable versions of jest-resolve
        node_modules/jest-resolve-dependencies
        jest-runtime  12.1.1-alpha.2935e14d - 24.0.0-alpha.16
        Depends on vulnerable versions of babel-jest
        Depends on vulnerable versions of babel-plugin-istanbul
        Depends on vulnerable versions of jest-haste-map
        Depends on vulnerable versions of jest-resolve
        Depends on vulnerable versions of micromatch
        Depends on vulnerable versions of yargs
        node_modules/jest-runtime
    test-exclude  <=4.2.3
    Depends on vulnerable versions of micromatch
    node_modules/test-exclude
      babel-plugin-istanbul  <=5.0.0
      Depends on vulnerable versions of test-exclude
      node_modules/babel-plugin-istanbul
        babel-jest  14.2.0-alpha.ca8bfb6e - 24.0.0-alpha.16
        Depends on vulnerable versions of babel-plugin-istanbul
        node_modules/babel-jest

color-string  <1.5.5
Severity: moderate
Regular Expression Denial of Service (ReDOS) - https://github.com/advisories/GHSA-257v-vj4p-3w2h
fix available via `npm audit fix`
node_modules/color-string
  color  <=0.11.4
  Depends on vulnerable versions of color-string
  node_modules/color
    colormin  *
    Depends on vulnerable versions of color
    node_modules/colormin
      postcss-colormin  <=2.2.2
      Depends on vulnerable versions of colormin
      node_modules/postcss-colormin
        cssnano  <=3.10.0
        Depends on vulnerable versions of postcss-colormin
        Depends on vulnerable versions of postcss-svgo
        node_modules/cssnano

debug  <2.6.9
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix --force`
Will install react-scripts@4.0.3, which is a breaking change
node_modules/eslint-module-utils/node_modules/debug
  eslint-module-utils  1.0.0-beta.0 - 2.0.0
  Depends on vulnerable versions of debug
  node_modules/eslint-module-utils
    eslint-plugin-import  2.0.0-beta.0 - 2.1.0
    Depends on vulnerable versions of eslint-module-utils
    node_modules/eslint-plugin-import
      react-scripts  0.1.0 - 4.0.0-next.117
      Depends on vulnerable versions of eslint-plugin-import
      Depends on vulnerable versions of http-proxy-middleware
      Depends on vulnerable versions of jest
      Depends on vulnerable versions of react-dev-utils
      Depends on vulnerable versions of url-loader
      Depends on vulnerable versions of webpack
      Depends on vulnerable versions of webpack-dev-server
      node_modules/react-scripts

glob-parent  <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install react-scripts@4.0.3, which is a breaking change
node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of anymatch
  Depends on vulnerable versions of glob-parent
  node_modules/chokidar
    watchpack  0.2.2 - 1.6.1
    Depends on vulnerable versions of chokidar
    node_modules/watchpack
  glob-base  *
  Depends on vulnerable versions of glob-parent
  node_modules/glob-base
    parse-glob  >=2.1.0
    Depends on vulnerable versions of glob-base
    node_modules/parse-glob
      micromatch  0.2.0 - 2.3.11
      Depends on vulnerable versions of braces
      Depends on vulnerable versions of parse-glob
      node_modules/micromatch
        anymatch  1.2.0 - 1.3.2
        Depends on vulnerable versions of micromatch
        node_modules/anymatch
        http-proxy-middleware  0.3.0 - 0.17.4
        Depends on vulnerable versions of micromatch
        node_modules/http-proxy-middleware
          react-scripts  0.1.0 - 4.0.0-next.117
          Depends on vulnerable versions of eslint-plugin-import
          Depends on vulnerable versions of http-proxy-middleware
          Depends on vulnerable versions of jest
          Depends on vulnerable versions of react-dev-utils
          Depends on vulnerable versions of url-loader
          Depends on vulnerable versions of webpack
          Depends on vulnerable versions of webpack-dev-server
          node_modules/react-scripts
          webpack-dev-server  <=3.1.10
          Depends on vulnerable versions of http-proxy-middleware
          Depends on vulnerable versions of open
          Depends on vulnerable versions of optimist
          node_modules/webpack-dev-server
        jest-haste-map  16.1.0-alpha.691b0e22 - 24.0.0
        Depends on vulnerable versions of micromatch
        Depends on vulnerable versions of sane
        node_modules/jest-haste-map
          jest-resolve  18.1.0 - 19.0.2
          Depends on vulnerable versions of jest-haste-map
          node_modules/jest-resolve
            jest-cli  0.5.5 - 24.1.0
            Depends on vulnerable versions of jest-config
            Depends on vulnerable versions of jest-resolve
            Depends on vulnerable versions of jest-runtime
            Depends on vulnerable versions of node-notifier
            Depends on vulnerable versions of sane
            Depends on vulnerable versions of yargs
            node_modules/jest-cli
              jest  13.3.0-alpha.4eb0c908 - 23.6.0
              Depends on vulnerable versions of jest-cli
              node_modules/jest
            jest-config  18.1.0 - 19.0.4
            Depends on vulnerable versions of jest-resolve
            node_modules/jest-config
            jest-resolve-dependencies  18.1.0
            Depends on vulnerable versions of jest-resolve
            node_modules/jest-resolve-dependencies
            jest-runtime  12.1.1-alpha.2935e14d - 24.0.0-alpha.16
            Depends on vulnerable versions of babel-jest
            Depends on vulnerable versions of babel-plugin-istanbul
            Depends on vulnerable versions of jest-haste-map
            Depends on vulnerable versions of jest-resolve
            Depends on vulnerable versions of micromatch
            Depends on vulnerable versions of yargs
            node_modules/jest-runtime
        test-exclude  <=4.2.3
        Depends on vulnerable versions of micromatch
        node_modules/test-exclude
          babel-plugin-istanbul  <=5.0.0
          Depends on vulnerable versions of test-exclude
          node_modules/babel-plugin-istanbul
            babel-jest  14.2.0-alpha.ca8bfb6e - 24.0.0-alpha.16
            Depends on vulnerable versions of babel-plugin-istanbul
            node_modules/babel-jest

is-svg  2.1.0 - 4.2.1
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-7r28-3m3f-r2pr
fix available via `npm audit fix`
node_modules/is-svg

js-yaml  <=3.13.0
Severity: high
Denial of Service in js-yaml - https://github.com/advisories/GHSA-2pr6-76vf-7546
Code Injection in js-yaml - https://github.com/advisories/GHSA-8j8c-7jfh-h6hx
fix available via `npm audit fix`
node_modules/svgo/node_modules/js-yaml
  svgo  0.4.2 - 1.0.5
  Depends on vulnerable versions of js-yaml
  node_modules/svgo
    postcss-svgo  <=2.1.6
    Depends on vulnerable versions of svgo
    node_modules/postcss-svgo
      cssnano  <=3.10.0
      Depends on vulnerable versions of postcss-colormin
      Depends on vulnerable versions of postcss-svgo
      node_modules/cssnano

merge  <2.1.1
Severity: high
Prototype Pollution in merge - https://github.com/advisories/GHSA-7wpw-2hjm-89gp
fix available via `npm audit fix --force`
Will install react-scripts@4.0.3, which is a breaking change
node_modules/merge
  exec-sh  <=0.3.1
  Depends on vulnerable versions of merge
  node_modules/exec-sh
    sane  1.0.4 - 4.0.1
    Depends on vulnerable versions of exec-sh
    node_modules/sane
      jest-cli  0.5.5 - 24.1.0
      Depends on vulnerable versions of jest-config
      Depends on vulnerable versions of jest-resolve
      Depends on vulnerable versions of jest-runtime
      Depends on vulnerable versions of node-notifier
      Depends on vulnerable versions of sane
      Depends on vulnerable versions of yargs
      node_modules/jest-cli
        jest  13.3.0-alpha.4eb0c908 - 23.6.0
        Depends on vulnerable versions of jest-cli
        node_modules/jest
          react-scripts  0.1.0 - 4.0.0-next.117
          Depends on vulnerable versions of eslint-plugin-import
          Depends on vulnerable versions of http-proxy-middleware
          Depends on vulnerable versions of jest
          Depends on vulnerable versions of react-dev-utils
          Depends on vulnerable versions of url-loader
          Depends on vulnerable versions of webpack
          Depends on vulnerable versions of webpack-dev-server
          node_modules/react-scripts
      jest-haste-map  16.1.0-alpha.691b0e22 - 24.0.0
      Depends on vulnerable versions of micromatch
      Depends on vulnerable versions of sane
      node_modules/jest-haste-map
        jest-resolve  18.1.0 - 19.0.2
        Depends on vulnerable versions of jest-haste-map
        node_modules/jest-resolve
          jest-config  18.1.0 - 19.0.4
          Depends on vulnerable versions of jest-resolve
          node_modules/jest-config
          jest-resolve-dependencies  18.1.0
          Depends on vulnerable versions of jest-resolve
          node_modules/jest-resolve-dependencies
          jest-runtime  12.1.1-alpha.2935e14d - 24.0.0-alpha.16
          Depends on vulnerable versions of babel-jest
          Depends on vulnerable versions of babel-plugin-istanbul
          Depends on vulnerable versions of jest-haste-map
          Depends on vulnerable versions of jest-resolve
          Depends on vulnerable versions of micromatch
          Depends on vulnerable versions of yargs
          node_modules/jest-runtime

mime  <1.4.1
Severity: moderate
Regular Expression Denial of Service in mime - https://github.com/advisories/GHSA-wrvr-8mpx-r7pp
fix available via `npm audit fix --force`
Will install react-scripts@4.0.3, which is a breaking change
node_modules/mime
  url-loader  0.5.5 - 0.5.9
  Depends on vulnerable versions of mime
  node_modules/url-loader
    react-scripts  0.1.0 - 4.0.0-next.117
    Depends on vulnerable versions of eslint-plugin-import
    Depends on vulnerable versions of http-proxy-middleware
    Depends on vulnerable versions of jest
    Depends on vulnerable versions of react-dev-utils
    Depends on vulnerable versions of url-loader
    Depends on vulnerable versions of webpack
    Depends on vulnerable versions of webpack-dev-server
    node_modules/react-scripts

minimist  <0.2.1
Severity: moderate
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix --force`
Will install react-scripts@4.0.3, which is a breaking change
node_modules/optimist/node_modules/minimist
  optimist  >=0.6.0
  Depends on vulnerable versions of minimist
  node_modules/optimist
    webpack  0.11.0-beta1 - 2.0.2-beta
    Depends on vulnerable versions of optimist
    node_modules/webpack
      extract-text-webpack-plugin  <=1.0.1
      Depends on vulnerable versions of webpack
      node_modules/extract-text-webpack-plugin
      react-scripts  0.1.0 - 4.0.0-next.117
      Depends on vulnerable versions of eslint-plugin-import
      Depends on vulnerable versions of http-proxy-middleware
      Depends on vulnerable versions of jest
      Depends on vulnerable versions of react-dev-utils
      Depends on vulnerable versions of url-loader
      Depends on vulnerable versions of webpack
      Depends on vulnerable versions of webpack-dev-server
      node_modules/react-scripts
    webpack-dev-server  <=3.1.10
    Depends on vulnerable versions of http-proxy-middleware
    Depends on vulnerable versions of open
    Depends on vulnerable versions of optimist
    node_modules/webpack-dev-server

node-notifier  <8.0.1
Severity: moderate
OS Command Injection in node-notifier - https://github.com/advisories/GHSA-5fw9-fq32-wv5p
fix available via `npm audit fix --force`
Will install react-scripts@4.0.3, which is a breaking change
node_modules/node-notifier
  jest-cli  0.5.5 - 24.1.0
  Depends on vulnerable versions of jest-config
  Depends on vulnerable versions of jest-resolve
  Depends on vulnerable versions of jest-runtime
  Depends on vulnerable versions of node-notifier
  Depends on vulnerable versions of sane
  Depends on vulnerable versions of yargs
  node_modules/jest-cli
    jest  13.3.0-alpha.4eb0c908 - 23.6.0
    Depends on vulnerable versions of jest-cli
    node_modules/jest
      react-scripts  0.1.0 - 4.0.0-next.117
      Depends on vulnerable versions of eslint-plugin-import
      Depends on vulnerable versions of http-proxy-middleware
      Depends on vulnerable versions of jest
      Depends on vulnerable versions of react-dev-utils
      Depends on vulnerable versions of url-loader
      Depends on vulnerable versions of webpack
      Depends on vulnerable versions of webpack-dev-server
      node_modules/react-scripts

open  <6.0.0
Severity: critical
Command Injection in open - https://github.com/advisories/GHSA-28xh-wpgr-7fm8
fix available via `npm audit fix --force`
Will install react-scripts@4.0.3, which is a breaking change
node_modules/open
  webpack-dev-server  <=3.1.10
  Depends on vulnerable versions of http-proxy-middleware
  Depends on vulnerable versions of open
  Depends on vulnerable versions of optimist
  node_modules/webpack-dev-server
    react-scripts  0.1.0 - 4.0.0-next.117
    Depends on vulnerable versions of eslint-plugin-import
    Depends on vulnerable versions of http-proxy-middleware
    Depends on vulnerable versions of jest
    Depends on vulnerable versions of react-dev-utils
    Depends on vulnerable versions of url-loader
    Depends on vulnerable versions of webpack
    Depends on vulnerable versions of webpack-dev-server
    node_modules/react-scripts

react-dev-utils  0.2.0 - 11.0.3
Severity: high
Improper Neutralization of Special Elements used in an OS Command. - https://github.com/advisories/GHSA-5q6m-3h65-w53x
Depends on vulnerable versions of ansi-html
fix available via `npm audit fix --force`
Will install react-scripts@4.0.3, which is a breaking change
node_modules/react-dev-utils
  react-scripts  0.1.0 - 4.0.0-next.117
  Depends on vulnerable versions of eslint-plugin-import
  Depends on vulnerable versions of http-proxy-middleware
  Depends on vulnerable versions of jest
  Depends on vulnerable versions of react-dev-utils
  Depends on vulnerable versions of url-loader
  Depends on vulnerable versions of webpack
  Depends on vulnerable versions of webpack-dev-server
  node_modules/react-scripts

webpack-dev-server  <=3.1.10
Severity: critical
Missing Origin Validation in webpack-dev-server - https://github.com/advisories/GHSA-cf66-xwfp-gvc4
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of open
Depends on vulnerable versions of optimist
fix available via `npm audit fix --force`
Will install react-scripts@4.0.3, which is a breaking change
node_modules/webpack-dev-server
  react-scripts  0.1.0 - 4.0.0-next.117
  Depends on vulnerable versions of eslint-plugin-import
  Depends on vulnerable versions of http-proxy-middleware
  Depends on vulnerable versions of jest
  Depends on vulnerable versions of react-dev-utils
  Depends on vulnerable versions of url-loader
  Depends on vulnerable versions of webpack
  Depends on vulnerable versions of webpack-dev-server
  node_modules/react-scripts

yargs-parser  <=5.0.0
Severity: moderate
Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp
fix available via `npm audit fix --force`
Will install react-scripts@4.0.3, which is a breaking change
node_modules/yargs-parser
  yargs  4.0.0-alpha1 - 7.0.0-alpha.3 || 7.1.1
  Depends on vulnerable versions of yargs-parser
  node_modules/yargs
    jest-cli  0.5.5 - 24.1.0
    Depends on vulnerable versions of jest-config
    Depends on vulnerable versions of jest-resolve
    Depends on vulnerable versions of jest-runtime
    Depends on vulnerable versions of node-notifier
    Depends on vulnerable versions of sane
    Depends on vulnerable versions of yargs
      jest  13.3.0-alpha.4eb0c908 - 23.6.0
      Depends on vulnerable versions of jest-cli
      node_modules/jest
        react-scripts  0.1.0 - 4.0.0-next.117
        Depends on vulnerable versions of eslint-plugin-import
        Depends on vulnerable versions of http-proxy-middleware
        Depends on vulnerable versions of jest
        Depends on vulnerable versions of react-dev-utils
        Depends on vulnerable versions of url-loader
        Depends on vulnerable versions of webpack
        Depends on vulnerable versions of webpack-dev-server
        node_modules/react-scripts
    jest-runtime  12.1.1-alpha.2935e14d - 24.0.0-alpha.16
    Depends on vulnerable versions of babel-jest
    Depends on vulnerable versions of babel-plugin-istanbul
    Depends on vulnerable versions of jest-haste-map
    Depends on vulnerable versions of jest-resolve
    Depends on vulnerable versions of micromatch
    Depends on vulnerable versions of yargs
    node_modules/jest-runtime

48 vulnerabilities (12 low, 18 moderate, 16 high, 2 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

这在几周前运行良好，我什至清除了 npm 缓存，但问题仍然存在。

最佳答案

1- 将 react-scripts 移动到 devDependencies

2- 运行 npm audit --production

关于npm install issue : 27 vulnerabilities (16 moderate, 9 high, 2 critical) 要解决所有问题，请运行:npm audit fix --force，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/70229783/

文章推荐： ruby-on-rails - 在 Mac M1 上安装 Ruby 时检查或清理工作树

文章推荐： .net - 按嵌套集合过滤计数排序

文章推荐： kubernetes - 如何使用 kustomize 与多个覆盖共享资源/补丁？

文章推荐： python - 删除 altair 可视化中标记之间的空间

security - "gadget vulnerability"是什么？
在最近的安全公告中，微软警告说“小工具中的漏洞可能允许远程执行代码”: An attacker who successfully exploited a Gadget vulnerability co
javascript - document.vulnerable 是做什么的？
我越来越多地致力于防止 xss 攻击，我这样做的方法之一是查找和修复漏洞。我注意到我在记录的许多攻击中都看到了 document.vulnerable。我似乎找不到太多关于此的文档，所以我想知道它的
javascript - 代码摘录 : Does this create a vulnerability to XSS?
所以我对 JavaScript 比较陌生，尽管我一直在做 HTML/CSS UI 前端工作(我知道这是亵渎)，并且正在开发我自己的样板文件以用于 future 的元素。我对从 XSS、CodeInje
android - 谷歌播放警告 : SSL Error Handler Vulnerability
在我的 Android 应用程序中，我使用 Deezer SDK 来播放轨道。我最近收到一封来自 Google 的电子邮件，主题如下:“Google Play 警告:SSL 错误处理程序漏洞”。在这封
linux - glibc fnmatch 漏洞 : how to expose the vulnerability?
我必须验证一个运行 glibc-2.9 的 64 位系统上的漏洞。 http://scarybeastsecurity.blogspot.in/2011/02/i-got-accidental-cod
javascript - 跨域 AJAX 请求未被阻止 : is this a security vulnerability?
最近三天我研究了如何使用 XMLHttpRequest 进行跨域请求。最好的选择确实是我已经在使用的 JSONP。但我仍然有一个问题，我无法在任何地方找到答案。我阅读了数百篇文章(包括 SO)，但没
ruby-on-rails - rails : HOST Header Attack vulnerability
我非常担心我构建的网络应用程序的安全性，因此我一直在使用各种工具来抓取我的每个应用程序。虽然在编程方面可以完成的所有事情都已经完成，但现成的类(如 Active Record)无法预见，但有一个问题
security - 如何修复某些 Java 代码中的 "Path Manipulation Vulnerability"？
下面的简单 java 代码获取 Fortify Path Manipulation 错误。请帮我解决这个问题。我挣扎了很长时间。 public class Test { public stat
Azure虚拟机: SQL servers on machines should have vulnerability findings resolved
我已在 Azure 中创建了一个 Windows VM，但该 VM 未安装 SQL。但是，我发现以下合规性问题 SQL servers on machines should have vulnera
ruby-on-rails - rails : Is devise vulnerable to session hijacking?
是devise通过正常的 http://连接容易受到 session 劫持吗？我无法从文档中弄清楚它。最佳答案是的。Rails 管理 session 的默认方式很容易被劫持。这是因为它将客户端进
c# - CA2100 : Review SQL queries for security vulnerabilities
嘿，有人可以帮我处理这段代码吗？(visual studio 给我一个警告 ca2100，我不知道该怎么做，谷歌上的解决方案我没有成为他们工作 xD) 谢谢 private void Updatebt
android - 如何解决 "Remediation for JavaScript Interface Injection Vulnerability"？
Google 要求我解决 https://support.google.com/faqs/answer/9095419在我的 Android 应用程序中，这基本上意味着不对通过 HTTP 加载的网页使
regex - 如何搜索 () { :; }; bash vulnerability pattern in many files?
我确信许多人可以通过搜索文件来查找 bash 漏洞模式而受益。最佳答案 grep -R '\(\)\{ *: *;\}' * 从一个目录开始，这将在所有文件中递归地搜索该模式。关于regex -
ruby-on-rails - rails : updating to non vulnerable version
这个问题不太可能帮助任何 future 的访问者；它只与一个小的地理区域、一个特定的时间点或一个非常狭窄的情况有关，这些情况并不普遍适用于互联网的全局受众。为了帮助使这个问题更广泛地适用，visit
javascript - 使用 JavaScript eval() : wondering about code security/vulnerabilities
我的页面中有一个元素列表，我想对其应用 jQuery 滑动动画。但是，我希望动画按顺序链接起来，即只有当前一个元素的动画完成时，一个元素才会开始其动画。列表的长度是可变的，所以我需要找到一个动态的解
android Google Play 警告 : SSL Error Handler Vulnerability
我在我的应用中使用了 gorbin/ASNE SDK。我最近收到一封来自 Google 的电子邮件，主题如下:“Google Play 警告:SSL 错误处理程序漏洞”。在这封电子邮件中，Google
java - Mass Assignment : Insecure Binder Configuration Vulnerability?的解决方法是什么
我在 Java 中有这个 Controller : @Controller public class AuthenticationController extends AbstractControll
go - G110 : Potential DoS vulnerability via decompression bomb (gosec)
我收到以下信息 golintci信息: testdrive/utils.go:92:16: G110: Potential DoS vulnerability via decompression bo
visual-studio - VS 解决方案资源管理器分析器感叹号 : ef1000 "possible sql injection vulnerability"
解决方案资源管理器中的奇怪消息。 ef1000“可能的sql注入(inject)漏洞” 它不会阻止编译，没有错误，没有警告，“错误列表”中没有消息。编译输出中没有类似的消息... 单击不会将焦点移至
penetration-testing - 如何通过 Wapiti Web Application Vulnerability Scanner 传递用户凭据
我想用 Wapiti 测试我们的 Web 应用程序扫描器。在我的场景中，我假设攻击者是经过身份验证的用户。如何配置 Wapiti 以在我们的登录表单上使用特定的用户名和密码，以便我可以测试其背后的页面

行者123

个人简介

我是一名优秀的程序员,十分优秀！

作者热门文章

滴滴打车优惠券免费领取

全站热门文章

首页

博学

6Ren·AI

商城

npm install issue : 27 vulnerabilities (16 moderate, 9 high, 2 critical) 要解决所有问题，请运行:npm audit fix --force