aws / aws-lambda-base-images

Apache License 2.0

Patch node-ip critical vulnerability in node20.x base image #148

Open sbimochan opened 7 months ago

sbimochan commented 7 months ago

When using the latest public.ecr.aws/lambda/nodejs:20.2024.02.07.17-arm64 base image, critical errors have been shown for package ip@2.0.0, which has a fix version of 2.0.1.

https://scout.docker.com/vulnerabilities/id/CVE-2023-42282?s=github&n=ip&t=npm&vr=%3E%3D2.0.0%2C%3C2.0.1&utm_source=desktop&utm_medium=ExternalLink

https://github.com/advisories/GHSA-78xj-cgh5-2h22

mastamark commented 7 months ago

+1 on the nodejs:18 flavor. (public.ecr.aws/lambda/nodejs:18)