GMS-2019-25: Low severity vulnerability that affects eye.js

October 7, 2019 (updated December 3, 2021)

Test breaking

Impact

In v1.2.0, tests are broken: all tests are always succeeding. If tests are looking for security vulnerabilities, these were compromised.

Patches

Users should upgrade to v1.2.1

Workarounds

Users who don’t use eye.js for looking for vulnerabilities are safe. Upgrading will just fix some bugs.

For more information

If you have any questions or comments about this advisory:

Open an issue in EyeJS
Email us at arguiot@gmail.com

References

github.com/advisories/GHSA-mgv2-57vj-99xc
github.com/arguiot/EyeJS/security/advisories/GHSA-mgv2-57vj-99xc

Detect and mitigate GMS-2019-25 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →