Open Sharyie opened 1 year ago
@Sharyie your link sends us to "https://github.com/JCMais/node-libcurl/issues/url" when clicked on, so I'll leave the raw text to the blog post here:
P.S. Snyk security also picked up on these two vulnerabilities:
I will try to start the upgrade process this weekend, however updating to 8.4 will take some time, so no promises here.
For now, my advice would be to follow the recommendations in the advisory.
This package points to an old ref of libcurl related to https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/.
Could you update it?