atlassian / better-ajv-errors

JSON Schema validation for Human 👨‍🎤
https://atlassian.github.io/better-ajv-errors/

New CVE in jsonpointer needs upgrade to 5.0.0 to fix #100

Closed scottdickerson closed 2 years ago

scottdickerson commented 2 years ago

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23807

Our security scans detected an issue with jsonpointer which was brought in by the latest version of better-ajv-errors.

torifat commented 2 years ago

Hey, thanks for reporting! I will release a new patch. However, you can bump jsonpointer to 4.1.0 without a new patch because the current version ^4.0.1 satisfies 4.1.0 too.

torifat commented 2 years ago

New version released - https://github.com/atlassian/better-ajv-errors/releases/tag/v0.8.1

torifat commented 2 years ago

Ah! You are right! I need to bump to 5.0.0 because the 4.1.0 fix introduced this new vuln 🤦🏽

torifat commented 2 years ago

New version released - https://github.com/atlassian/better-ajv-errors/releases/tag/v0.8.2
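
The range question in this thread, as an added example that is not part of the thread or of the project's code: a small audit that finds `jsonpointer` entries below 5.0.0 in a lockfile and reports whether each dependent's declared range can reach the fixed version without a new release of that dependent. It assumes an npm lockfile with a `packages` map and only exact or `^x.y.z` ranges; the lockfile fragment, the `0.0.0-constructed` version and the function names are constructed for illustration.

```javascript
// Audit a lockfile "packages" map for jsonpointer below the fixed version.
const FIXED = "5.0.0"; // fixed version named in the issue title

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
};

// Simplified caret semantics (assumption: no prerelease tags): ^x.y.z admits
// versions >= x.y.z and below the next bump of the leftmost non-zero component.
function caretAdmits(range, version) {
  if (!range.startsWith("^")) return cmp(range, version) === 0;
  const base = range.slice(1);
  const [maj, min, pat] = parse(base);
  const upper = maj > 0 ? `${maj + 1}.0.0` : min > 0 ? `0.${min + 1}.0` : `0.0.${pat + 1}`;
  return cmp(version, base) >= 0 && cmp(version, upper) < 0;
}

function auditJsonpointer(lock) {
  const entries = Object.entries(lock.packages);
  const findings = [];
  for (const [path, pkg] of entries) {
    // Matches top-level and nested installs of jsonpointer.
    if (!path.endsWith("node_modules/jsonpointer")) continue;
    if (cmp(pkg.version, FIXED) >= 0) continue;
    // Packages declaring jsonpointer, and whether their range can reach the fix.
    const dependents = entries
      .filter(([, p]) => p.dependencies && p.dependencies.jsonpointer)
      .map(([name, p]) => ({
        name,
        range: p.dependencies.jsonpointer,
        canReachFix: caretAdmits(p.dependencies.jsonpointer, FIXED),
      }));
    findings.push({ path, installed: pkg.version, dependents });
  }
  return findings;
}

// Constructed lockfile fragment; the ^4.0.1 range is the one quoted in the thread.
const sampleLock = {
  packages: {
    "node_modules/better-ajv-errors": {
      version: "0.0.0-constructed",
      dependencies: { jsonpointer: "^4.0.1" },
    },
    "node_modules/jsonpointer": { version: "4.1.0" },
  },
};

console.log(JSON.stringify(auditJsonpointer(sampleLock), null, 2));
```

A finding with `canReachFix: false` means a lockfile refresh alone cannot pull in 5.0.0; the dependent has to publish a release with a widened range, or the consumer has to apply an override.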