Bynder / bynder-js-sdk

SDK in JavaScript (Node.js) for integration with Bynder
MIT License

bynder-js-sdk node upgrade #129

Open mfaridk opened 6 months ago

mfaridk commented 6 months ago

Hi, bynder-js-sdk is using outdated versions of many libraries. Is it possible to bring bynder-js-sdk onto the latest Node?

This package has too many security issues because of the outdated libraries.

Issues with no direct upgrade or patch:

✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2
  introduced by @bynder/bynder-js-sdk@2.3.9 > axios@0.27.2
  This issue was fixed in versions: 0.28.0, 1.6.0

✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2
  introduced by @bynder/bynder-js-sdk@2.3.9 > axios@0.27.2
  This issue was fixed in versions: 1.6.3

✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2
  introduced by @bynder/bynder-js-sdk@2.3.9 > axios@0.27.2
  This issue was fixed in versions: 1.6.4

FYI... @elseee @erikvanbrakel

ryn101 commented 5 months ago

I'm also seeing this vulnerability https://security.snyk.io/vuln/SNYK-JS-HAPIHOEK-548452 due to the outdated usage of simple-oauth2 v2.5.1 (latest is v5.0)
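An added example, not code from bynder-js-sdk or from either commenter: a Node script that audits a `package-lock.json` "packages" map for the three axios advisories quoted in the issue, rebuilding the `@bynder/bynder-js-sdk@2.3.9 > axios@0.27.2` path from the lock keys and reporting which advisories remain open for each axios copy. The lock contents are constructed, and the per-major-line reading of Snyk's "fixed in" lists (0.28.0 clears the 0.x line, 1.6.0 the 1.x line) is this example's assumption.

```javascript
// Added example, not bynder-js-sdk code: audit a package-lock.json "packages" map
// (lockfileVersion 2/3) for axios entries below the Snyk fix versions quoted above.
const FIXED_IN = {
  'SNYK-JS-AXIOS-6032459': ['0.28.0', '1.6.0'], // CSRF
  'SNYK-JS-AXIOS-6124857': ['1.6.3'],           // ReDoS
  'SNYK-JS-AXIOS-6144788': ['1.6.4'],           // Prototype Pollution
};
// Constructed sample lock: the nested axios mirrors the path the issue quotes; the
// top-level axios is a version that clears only two of the three advisories.
const SAMPLE_LOCK = {
  packages: {
    'node_modules/@bynder/bynder-js-sdk': { version: '2.3.9' },
    'node_modules/@bynder/bynder-js-sdk/node_modules/axios': { version: '0.27.2' },
    'node_modules/axios': { version: '1.6.3' },
  },
};

// Numeric "x.y.z" comparison; a pre-release suffix is ignored.
function cmpVersion(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// Fix lists are per major line (assumption): clean iff the version reaches the fix on
// its own line, or sits on a later major than every listed fix (so 1.0.0 is NOT clean).
function isFixed(version, fixes) {
  const major = v => parseInt(v, 10);
  const sameLine = fixes.filter(f => major(f) === major(version));
  if (sameLine.length) return sameLine.some(f => cmpVersion(version, f) >= 0);
  return fixes.every(f => major(version) > major(f));
}

// Rebuild "parent@ver > axios@ver" from each lock key and list the advisories still open.
function auditLock(lock) {
  const findings = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const chain = key.split('node_modules/').filter(Boolean).map(s => s.replace(/\/$/, ''));
    if (chain[chain.length - 1] !== 'axios') continue;
    const path = chain.map((name, i) => {
      const k = 'node_modules/' + chain.slice(0, i + 1).join('/node_modules/');
      return `${name}@${(lock.packages[k] || {}).version || '?'}`;
    }).join(' > ');
    const open = Object.keys(FIXED_IN).filter(id => !isFixed(meta.version, FIXED_IN[id]));
    if (open.length) findings.push({ path, version: meta.version, advisories: open });
  }
  return findings;
}
```

Run it against a real lock with `auditLock(JSON.parse(fs.readFileSync('package-lock.json', 'utf8')))`; an empty result means every axios copy in the tree is at or past 1.6.4.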