SOHU-Co / kafka-node

Node.js client for Apache Kafka 0.8 and later.
MIT License

High Snyk vulnerability. Regular Expression Denial of Service #1467

Open vardeyk-yellow opened 1 year ago

vardeyk-yellow commented 1 year ago

Questions?

There's a high Snyk vulnerability which was introduced through kafka-node@5.0.0 > snappy@6.3.5 > prebuild-install@5.3.0 > npmlog@4.1.2 > gauge@2.7.4 > strip-ansi@3.0.1 > ansi-regex@2.1.1

Bug Report

Environment

Globant-Eduardo-Cerda commented 1 year ago

Should be solved by adding "overrides": { "snappy": "^7.0.1" } to your package.json