johnpapa / lite-server

Lightweight node server
MIT License
2.32k stars 268 forks

The package needs to update axios to solve high severity vulnerability #192

Open aliataf opened 3 years ago

aliataf commented 3 years ago

A Server-Side Request Forgery (SSRF) vulnerability was found in axios, which is a dependency of lite-server. It is patched in version >=0.21.1, so lite-server should update axios.

PseudoNinja commented 6 months ago

The fix here is to upgrade browser-sync to current (3.0.2 as of this comment), as it drops the dependency on localtunnel, which is dependent on the vulnerable version of axios.
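
One way to check a project for the situation described in this thread, as an added example that is not part of the issue or of lite-server's code: it walks a parsed package-lock.json (the `packages` layout of lockfileVersion 2 or 3 is assumed) for axios installs below 0.21.1 and names the packages that resolve to each one. The function names and the sample lockfile are constructed for illustration.

```javascript
const PATCHED = [0, 21, 1]; // patched axios floor named in the issue

// Compare plain x.y.z versions; prerelease tags are ignored (assumption).
function isBelow(version, floor) {
  const parts = version.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((parts[i] || 0) !== floor[i]) return (parts[i] || 0) < floor[i];
  }
  return false;
}

// Node resolution: the requirer's own node_modules first, then each parent's.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// Report every axios install below the floor and who pulls it in.
function findVulnerableAxios(lock) {
  const packages = lock.packages || {};
  const findings = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (!/(^|\/)node_modules\/axios$/.test(path)) continue;
    if (!meta.version || !isBelow(meta.version, PATCHED)) continue;
    const requiredBy = Object.entries(packages)
      .filter(([p, m]) => m.dependencies && m.dependencies.axios &&
        resolve(packages, p, 'axios') === path)
      .map(([p]) => p.split('node_modules/').pop() || '(root)');
    findings.push({ path, version: meta.version, requiredBy });
  }
  return findings;
}

// Constructed sample lockfile: every version here is made up for the demo.
const sampleLock = { packages: {
  'node_modules/lite-server': { version: '1.0.0', dependencies: { 'browser-sync': '*' } },
  'node_modules/browser-sync': { version: '1.0.0', dependencies: { localtunnel: '*' } },
  'node_modules/localtunnel': { version: '1.0.0', dependencies: { axios: '*' } },
  'node_modules/axios': { version: '0.19.0' },
} };
console.log(JSON.stringify(findVulnerableAxios(sampleLock)));
```

On a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` instead of the sample; an empty result means no axios install below 0.21.1 remains in the tree.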