0
node-forge  <=1.2.1
Severity: high
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
fix available via `npm audit fix --force`
Will install webpack-dev-server@4.15.1, which is a breaking change
node_modules/node-forge
  selfsigned  1.1.1 - 1.10.14
  Depends on vulnerable versions of node-forge
  node_modules/selfsigned

7 vulnerabilities (1 low, 6 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
PS C:\Users\gador\OneDrive\Dokumentumok\Coding\Mosh_coding\Redux_course\Redux\redux-starter> npm start

> redux-starter@1.0.0 start
> webpack-dev-server --config ./webpack.config.js

i 「wds」: Project is running at http://localhost:9000/
    at Object.createHash (node:crypto:133:10)
    at module.exports (C:\Users\gador\OneDrive\Dokumentumok\Coding\Mosh_coding\Redux_course\Redux\redux-starter\node_modules\webpack\lib\util\createHash.js:135:53)
    at NormalModule._initBuildHash (C:\Users\gador\OneDrive\Dokumentumok\Coding\Mosh_coding\Redux_course\Redux\redux-starter\node_modules\webpack\lib\NormalModule.js:417:16)    
    at handleParseError (C:\Users\gador\OneDrive\Dokumentumok\Coding\Mosh_coding\Redux_course\Redux\redux-starter\node_modules\webpack\lib\NormalModule.js:471:10)
    at C:\Users\gador\OneDrive\Dokumentumok\Coding\Mosh_coding\Redux_course\Redux\redux-starter\node_modules\webpack\lib\NormalModule.js:503:5
    at C:\Users\gador\OneDrive\Dokumentumok\Coding\Mosh_coding\Redux_course\Redux\redux-starter\node_modules\webpack\lib\NormalModule.js:358:12
    at C:\Users\gador\OneDrive\Dokumentumok\Coding\Mosh_coding\Redux_course\Redux\redux-starter\node_modules\loader-runner\lib\LoaderRunner.js:373:3
    at iterateNormalLoaders (C:\Users\gador\OneDrive\Dokumentumok\Coding\Mosh_coding\Redux_course\Redux\redux-starter\node_modules\loader-runner\lib\LoaderRunner.js:214:10)     
    at Array.<anonymous> (C:\Users\gador\OneDrive\Dokumentumok\Coding\Mosh_coding\Redux_course\Redux\redux-starter\node_modules\loader-runner\lib\LoaderRunner.js:205:4) {       
  opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
  library: 'digital envelope routines',
  reason: 'unsupported',
  code: 'ERR_OSSL_EVP_UNSUPPORTED'
}

I am currently trying trying to learn Redux from a course, it had some provided source code to work from and start the dev env from there. I had quite a few vulenerabilities after running npm i. Tried running npm audit fix --force as suggested in the terminal with no succes. After starting the dev env and trying to connect to localhost:9000, it doesnt let me connect to it. Any suggestions?

Drew Reese
  • 165,259
  • 14
  • 153
  • 181
Gábor Adorjáni
  • 11
  • 2
  • 1
    Does this answer your question?https://stackoverflow.com/questions/74726224/opensslerrorstack-error03000086digital-envelope-routinesinitialization-e – Lin Du Jun 22 '23 at 03:16

0 Answers0