Security - Medium severity - Vulnerable module:  canvas@1.1.6

Trying to use js-imagediff from jsdeliver which complains about security issue in the package. 

[Js deliver download page](https://www.jsdelivr.com/package/npm/imagediff) wait some seconds and until the varning message is shown. It leads to the 
[Snyk report](https://snyk.io/test/npm/imagediff/1.0.8?utm_medium=referral&utm_source=jsDelivr&utm_campaign=snyk-widget) on the issue. 

MEDIUM SEVERITY
Denial of Service (DoS)
Vulnerable module: canvas, Introduced through: canvas@1.1.6

Detailed paths
Introduced through: imagediff@1.0.8 › canvas@1.1.6

**Remediation:** Upgrade to canvas@1.6.10.

**Overview**
[canvas](https://www.npmjs.com/package/canvas) is a Cairo-backed Canvas implementation for Node.js.

Affected versions of this package are vulnerable to Denial of Service (DoS). Processing malicious JPEGs or GIFs files could crash the node process.

Denial of Service (DoS) [vulnerability report](https://snyk.io/vuln/SNYK-JS-CANVAS-174120)

Maybe just an old version on Js deliver  ?
It says 1.0.8 on the Js deliver page but in the code comments it says 1.0.3



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security - Medium severity - Vulnerable module: canvas@1.1.6 #69

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security - Medium severity - Vulnerable module: canvas@1.1.6 #69

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions