Issue on a dependency - CVE-2021-3765

alexa-js / alexa-verifier-middleware

An express middleware that verifies HTTP requests sent to an Alexa skill are sent from Amazon.

MIT License

31 stars 6 forks source link

Closed Reni88 closed 9 months ago

Reni88 commented 10 months ago

Hi,

Good day. Just wanted to inform that we encountered a security issue on one of alexa-verifier-middleware dependency for its version 2.0.2:

Dependency: validator Version: 9.4.1

It is raised under this CVE ID: CVE-2021-3765

Hoping for an action to this. Thank you.

dblock commented 10 months ago

Please make PRs to fix this, @Reni88.

Reni88 commented 10 months ago

Reni88 commented 9 months ago

Fix is merged. Closing this issue. Thanks all!