cdimascio / express-openapi-validator

🦋 Auto-validates api requests, responses, and securities using ExpressJS and an OpenAPI 3.x specification
MIT License

Found CVE-2021-23337 in latest version of express-openapi-validator #901

Closed prashanttrellix closed 9 months ago

prashanttrellix commented 9 months ago

Describe the bug A clear and concise description of what the bug is.

Found a CVE (CVE-2021-23337) in the latest version of express-openapi-validator because of the transitive dependency lodash.zipobject/4.1.3. Do we have any fix for the same?

To Reproduce Run any vulnerability tool (in my case I am using BlackDuck) on the latest express-openapi-validator.

Actual behavior A clear and concise description of what happens.

Expected behavior A clear and concise description of what you expected to happen.

Examples and context An example or relevant context e.g. an OpenAPI snippet, an Express handler function snippet

cdimascio commented 9 months ago

Lodash.zipobject has been removed in the latest release.
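
To confirm the scanner finding and the fix discussed in this thread against your own lockfile, the following added example (not code from the issue or from the project) reports whether `lodash.zipobject` is installed and which packages declare it. It assumes an npm lockfile in the v2/v3 format with a `packages` map. `SAMPLE_LOCK` is constructed, the dependency edge in it is assumed for illustration, and every version other than 4.1.3 is a placeholder.

```javascript
// Added example: trace why a package is present in an npm lockfile ("packages" map, v2/v3).
// SAMPLE_LOCK is constructed for illustration. Versions other than 4.1.3 are placeholders,
// and the edge express-openapi-validator -> lodash.zipobject is an assumption.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", dependencies: { "express-openapi-validator": "*" } },
    "node_modules/express-openapi-validator": {
      version: "0.0.0-example",
      dependencies: { "lodash.zipobject": "^4.1.3" },
    },
    "node_modules/lodash.zipobject": { version: "4.1.3" },
    "node_modules/lodash.get": { version: "0.0.0-example" },
  },
};

// The package name is whatever follows the last "node_modules/" in the lockfile key,
// which also covers nested installs and scoped names such as "@scope/pkg".
function nameOf(key, entry) {
  if (key === "") return entry.name || "(root)";
  const marker = "node_modules/";
  return key.slice(key.lastIndexOf(marker) + marker.length);
}

// Return every installed copy of `target` and every package that declares it.
function findDependency(lock, target) {
  const installed = [];
  const requiredBy = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    const name = nameOf(key, entry);
    if (name === target) installed.push({ path: key, version: entry.version });
    const declared = {
      ...entry.dependencies,
      ...entry.devDependencies,
      ...entry.optionalDependencies,
      ...entry.peerDependencies,
    };
    if (target in declared) requiredBy.push({ name, range: declared[target] });
  }
  return { installed, requiredBy };
}

// Against a real project, load the lockfile instead of SAMPLE_LOCK:
//   const lock = JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"));
console.log(JSON.stringify(findDependency(SAMPLE_LOCK, "lodash.zipobject"), null, 2));
```

After upgrading, an empty `installed` list means the package is gone from the lockfile. `npm ls lodash.zipobject` answers the same question from an installed tree.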