fix(security): remedy CVE-2021-3749 #1569
Assignees
Labels
dependencies
Pull requests that update a dependency file
Security
Related to existing or potential security vulnerabilities
Comments
petermetz
added
dependencies
petermetz
added a commit
to petermetz/cacti
that referenced
this issue
Nov 23, 2021
Upgrading the remainig two packages to the latest and greatest version of the axios dependency which makes it consistent across the monorepo plus eliminates the CVE in question. Fixes hyperledger-cacti#1569 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz
added a commit
that referenced
this issue
Nov 28, 2021
Upgrading the remainig two packages to the latest and greatest version of the axios dependency which makes it consistent across the monorepo plus eliminates the CVE in question. Fixes #1569 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
1 axios vulnerability found in yarn.lock
Remediation
Upgrade axios to version 0.21.2 or later. For example:
axios@^0.21.2:
version "0.21.2"
Always verify the validity and compatibility of suggestions with your codebase.
Details
CVE-2021-3749: GHSA-cph5-m8f7-6c5x
high severity
Vulnerable versions: <= 0.21.1
Patched version: 0.21.2
axios is vulnerable to Inefficient Regular Expression Complexity
The text was updated successfully, but these errors were encountered: