Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Server-Side Request Forgery in axios (CVE-2024-39338) - update to axios 1.7.4 needed #159

Closed
MikeMcC399 opened this issue Aug 14, 2024 · 3 comments
Closed

Server-Side Request Forgery in axios (CVE-2024-39338) - update to axios 1.7.4 needed #159

MikeMcC399 opened this issue Aug 14, 2024 · 3 comments

Comments

@MikeMcC399
Copy link

MikeMcC399 commented Aug 14, 2024
edited
Loading

Server-Side Request Forgery in axios reports a High Severity vulnerability in the npm package axios >= 1.3.2, <= 1.7.3

image

wait-on is currently configured with

wait-on/package.json

Lines 40 to 41 in a10322f

"dependencies": {
"axios": "^1.6.1",

To avoid use of vulnerable versions of axios, I suggest that wait-on update to axios@^1.7.4.

Workaround

For npm environments:

npm audit fix
This was referenced Aug 14, 2024
Open
Merged
Merged
@markrzen
Copy link

@jeffbski Any chance you would be interested in adding a contributor to this project to help keep it updated?

@MikeMcC399
Copy link
Author

Related to this issue and addressed to @jeffbski

  • Are you planning to update axios yourself to resolve this issue?
  • If somebody else submits a PR to update axios would you review and merge it?

@markrzen markrzen mentioned this issue Aug 19, 2024
Closed
@MikeMcC399
Copy link
Author

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@markrzen @MikeMcC399