Contains a vulnerable version of http-proxy module

Rob--W / cors-anywhere

CORS Anywhere is a NodeJS reverse proxy which adds CORS headers to the proxied request.

MIT License

8.57k stars 5.99k forks source link

Closed prabushi closed 2 years ago

prabushi commented 2 years ago

cors-anywhere 0.4.4 version contains the http-proxy 1.11.1 version which is vulnerable to denial of service attack as described in https://github.com/advisories/GHSA-6x33-pw7p-hmpq.

Possible solution: Update the http-proxy to 1.18.1.

Rob--W commented 2 years ago

Duplicate of #253.