Use of axios lower than 1.6.0 results in CVE-2023-45857 #84
Labels
Comments
darinspivey
added a commit
that referenced
this issue
Nov 7, 2023
This bump fixes a security vulerability in axios. This also addresses the following issues: * CWE-352 * CSVV 7.1 * SNYK-JS-AXIOS-6032459 Fixes: #84
|
Thanks for reporting this, @andyedwardsibm . This showed up in our security scans as well, and the notifications for that system have been made louder so we're aware of issues moving forward. |
darinspivey
added a commit
that referenced
this issue
Nov 7, 2023
This bump fixes a security vulerability in axios. This also addresses the following issues: * CWE-352 * CSVV 7.1 * SNYK-JS-AXIOS-6032459 Fixes: #84
|
🎉 This issue has been resolved in version 2.6.8 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This module is using
axois@^0.25.0logger-node/package.json
Line 109 in 87463cb
This makes it vulnerable to CVE-2023-45857:
Moving to at least 1.6.0 resolves the CVE
The text was updated successfully, but these errors were encountered: