inertiajs / inertia

Inertia.js lets you quickly build modern single-page React, Vue and Svelte apps using classic server-side routing and controllers.
https://inertiajs.com
MIT License
6.3k stars 423 forks

Vulnerable Axios version #1807

Closed adamsir closed 7 months ago

adamsir commented 7 months ago

This version of Axios contains the Cross-Site Request Forgery vulnerability referenced in CVE-2023-45857: https://github.com/inertiajs/inertia/blob/0fc4b1c8b91639ed58b44fafe8833f2108496de6/packages/core/package.json#L53

Solution

Update Axios to patched version 1.6.0

SergkeiM commented 7 months ago

@adamsir there is a PR for this: https://github.com/inertiajs/inertia/pull/1723, but it looks like there is no one to merge it

reinink commented 7 months ago

Hey! Just merged in #1723 and hope to get a new release tagged soon 👍