High security vulnerability in Axios dependency
Our Whitesource is complaining about the Axios package but we can’t upgrade it as it’s locked to “^0.18.1” in Searchkit.
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accept content after maxContentLength is exceeded.
To resolve it says we should upgrade to version 0.19.0. Maybe we could even go to latest 0.21.0? Could you update the dependency?
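The bug class the advisory describes, as an added illustration rather than code from Searchkit or axios: a streaming consumer that notices the maxContentLength overrun but keeps draining and buffering the response, beside the hardened form that stops reading and releases the buffer. The lazy chunk source, chunk sizes and limit are constructed stand-ins for a real response stream.

```javascript
// Added example (not Searchkit's or axios's code). The lazy source stands in for a response stream.
function* chunkSource(chunkSize, count, stats) {
  for (let i = 0; i < count; i++) { // constructed body: `count` chunks of `chunkSize` bytes
    stats.chunksProduced += 1;
    yield Buffer.alloc(chunkSize, 0x41);
  }
}

// Vulnerable pattern (the bug class in the advisory): the overrun is detected,
// but the loop keeps draining and buffering, so memory grows with the body size.
function collectVulnerable(source, maxContentLength) {
  const buffers = [];
  let received = 0, error = null;
  for (const chunk of source) {
    received += chunk.length;
    if (maxContentLength > -1 && received > maxContentLength && !error) {
      error = new Error(`maxContentLength size of ${maxContentLength} exceeded`);
    }
    buffers.push(chunk); // still buffering after the limit was hit
  }
  return { error, bytesBuffered: Buffer.concat(buffers).length };
}

// Hardened form: stop consuming as soon as the limit is exceeded and release the buffer.
// Returning from for..of closes the generator, the analogue of response.destroy() on a real stream.
function collectHardened(source, maxContentLength) {
  const buffers = [];
  let received = 0;
  for (const chunk of source) {
    received += chunk.length;
    if (maxContentLength > -1 && received > maxContentLength) {
      buffers.length = 0;
      return { error: new Error(`maxContentLength size of ${maxContentLength} exceeded`), bytesBuffered: 0 };
    }
    buffers.push(chunk);
  }
  return { error: null, bytesBuffered: Buffer.concat(buffers).length };
}
// Runs both consumers against identical constructed bodies and reports what each did.
function compare(chunkSize, count, maxContentLength) {
  const report = {};
  for (const [name, collect] of [['vulnerable', collectVulnerable], ['hardened', collectHardened]]) {
    const stats = { chunksProduced: 0 };
    const { error, bytesBuffered } = collect(chunkSource(chunkSize, count, stats), maxContentLength);
    report[name] = { chunksProduced: stats.chunksProduced, bytesBuffered, rejected: error !== null };
  }
  return report;
}
console.log(compare(1024, 10, 4000)); // hardened stops after chunk 4 and buffers nothing
```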
Issue Analytics
- Created 3 years ago
- Comments: 9 (3 by maintainers)
OK, released this under v2.4.3. Have briefly tested this, but great to hear if you have any issues on your apps!
@joemcelroy any chance we can merge the fix for us Searchkit v2 users?