search

akamai / cli-property-manager

Use this Property Manager CLI to automate Akamai property changes and deployments across many environments.
Apache License 2.0
29 stars 22 forks source link

Vulnerability in dependent package tough-cookie@2.5.0 #90

Open dvorakd opened 6 months ago

dvorakd commented 6 months ago

Security scans are reporting critical vulnerability with the package tough-cookie@2.5.0 which is a dependency of request@2.88.2.

CVE CVE-2023-26136 SEVERITY critical CVSS 9.80 PACKAGE tough-cookie VERSION 2.5.0 STATUS fixed in 4.1.3 PUBLISHED > 7 months DISCOVERED < 1 hour DESCRIPTION Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in re... TRIGGERED FAILURE Yes

Thanks.