Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

DoS in Axios

See original GitHub issue

Describe the bug A DoS vulnerability for Axios was disclosed publicly yesterday: https://snyk.io/vuln/SNYK-JS-AXIOS-174505

What version are you on? Tested with stellar-sdk@0.15.3.

To Reproduce

docker run -it --rm node:11 bash
mkdir test
cd test && npm init -y
npm install --save --unsafe-perm stellar-sdk
npm install -g snyk
snyk auth $SNYK_TOKEN
snyk test

Expected behavior stellar-sdk should not contain known vulnerabilities.

Additional context Doesn’t look like there is a fix for axios available yet. Maybe #241 is a good alternative.

Issue Analytics

State:
Created 4 years ago
Comments:7 (3 by maintainers)

Top GitHub Comments

1reaction

morleyzhicommented, May 8, 2019

@lirantal thanks for the report. The stellar library doesn’t have the functionality you mentioned. We determined that the bug was not exploitable in a profitable way, so we’re okay to wait until the PR gets merged and makes it into an official release.

0reactions

lirantalcommented, May 8, 2019

Sounds good. Always available if there’s anything I can help with in the future.