Closed scottdickerson closed 2 years ago
Hey, thanks for reporting! I will release a new patch. However, you can bump jsonpointer to `4.1.0` without a new patch because the current version `^4.0.1` satisfies `4.1.0` too.
New version released - https://github.com/atlassian/better-ajv-errors/releases/tag/v0.8.1
Ah! you are right! I need to bump to `5.0.0` because the `4.1.0` fix introduced this new vuln 🤦🏽
New version released - https://github.com/atlassian/better-ajv-errors/releases/tag/v0.8.2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23807

Our security scans detected an issue with jsonpointer which was brought in by the latest version of better-ajv-errors.