There is 1 vulnerability that requires manual review in current version

dgrubelic / vue-authenticate

Simple Vue.js authentication library

1.43k stars 252 forks source link

There is 1 vulnerability that requires manual review in current version #229

Open IHaveHandedInMyResignation opened 3 years ago

IHaveHandedInMyResignation commented 3 years ago

High Server-Side Request Forgery
Package axios
Patched in >=0.21.1
Dependency of vue-authenticate
Path vue-authenticate > axios
More info https://npmjs.com/advisories/1594

RobQuistNL commented 3 years ago

It is fixed in this fork: https://github.com/simbachain/vue-authenticate

literakl commented 2 years ago

Would you fix this vulnerable dependency @dgrubelic please? npm audit complains

axios <=0.21.1 Severity: high Incorrect Comparison in axios - https://github.com/advisories/GHSA-cph5-m8f7-6c5x Server-Side Request Forgery in Axios - https://github.com/advisories/GHSA-4w2v-q235-vp99