Xray-App / playwright-junit-reporter

Playwright JUnit Enhanced XML reporter
Apache License 2.0

@xray-app/playwright-junit-reporter - Showing vulnerability on Jfrog Xray scans. #11

Open shrubom opened 1 week ago

shrubom commented 1 week ago

Hi @bitcoder ,

I am currently integrating new Playwright tests into Xray TMT, but I need to use JFrog Xray scans as the standard of my organization.

CVE-2023-2968 - Severity: High
Impacted Components: proxy:1.0.2
JFrog (XRAY-520917): generate an enhanced JUnit XML report suitable for Xray with the Playwright test results. Latest version: 0.3.0, published 1 month ago. https://github.com/Xray-App/playwright-junit-reporter

Is there a way to mitigate this, or will this be addressed in the coming releases?

Please advise.

Thank you.

bitcoder commented 1 week ago

Thanks for reporting, @shrubom. It needs to be analyzed by someone. From a quick look it seems that it isn't applicable to this project. If you look at the advisory, it mentions "proxy" versions >= 2.0.0, < 2.1.1, whereas this package is using "proxy" version 1.0.2.

https://github.com/advisories/GHSA-mj6p-3pc9-wf5m

shrubom commented 1 week ago

Thank you for the prompt response. Highly appreciated. :-)

Could you please confirm if I am using the correct npm dependency version? "@xray-app/playwright-junit-reporter": "^0.3.0"

If it is the correct one, then I will contact my security team to analyze this from our end as well.

bitcoder commented 1 week ago

0.3.0 is the latest version of this package; I advise you to look at the package-lock.json file of your project to see what "proxy" version is being resolved by npm and therefore being used in your project.

shrubom commented 1 week ago

Perfect. Thank you so much; I will do so and keep you posted. :)