AgoraIO / agora-rtc-web


CSRF bug in old AXIOS lib #3

Closed Xotabu4 closed 7 months ago

Xotabu4 commented 11 months ago

AgoraRTC SDK version

latest

Fail Rate

100%

Link to minimal reproduction

https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Steps to reproduce

https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

What is expected?

No security issues

What is actually happening?

security issue

System Info

No response

Any additional comments?

No response

simo-an commented 11 months ago

This issue was submitted here: https://github.com/axios/axios/issues/6022. agora-rtc-sdk-ng is using axios@0.27.2, which is not included in the vulnerable versions.


So there is no related security issue.

We are also considering upgrading axios to the latest version in the next version.

simo-an commented 7 months ago

We have upgraded axios's version to 1.6.7 in agora-rtc-sdk-ng@4.20.2.