Issue on a dependency - CVE-2023-37466 & CVE-2023-37903

TooTallNate / proxy-agents

Node.js HTTP Proxy Agents Monorepo

https://proxy-agents.n8.io

872 stars 229 forks source link

Issue on a dependency - CVE-2023-37466 & CVE-2023-37903 #266

Closed Reni88 closed 6 months ago

Reni88 commented 6 months ago

Hi,

Good day. Just wanted to inform that we encountered a security issue on one of proxy-agent dependency for its version 5.0.0:

Dependency: vm2 Version: 3.9.19

It is raised under this CVE ID: CVE-2023-37466 & CVE-2023-37903

If this was already discussed and resolution was already delivered. Let us know. Thank you.

TooTallNate commented 6 months ago

This issue was already fixed in https://github.com/TooTallNate/proxy-agents/pull/224.

Reni88 commented 6 months ago

Hi @TooTallNate , thank you for the response. Yes, we concluded that we are not using the version with that commit. We will update the package to include this. Thank you again!