Update request -> http-signature -> sshpk

krg7880 / json-schema-generator

Generates draft v4 schema from a local file or a remote JSON url.

MIT License

174 stars 53 forks source link

Update request -> http-signature -> sshpk #28

Closed Amir-61 closed 5 years ago

Amir-61 commented 5 years ago

Regular Expression Denial of Service (ReDoS)

We are using json-schema-generator@2.0.6 which is the latest version and found this security vulnerability:

High severity vulnerability found in sshpk
Description: Regular Expression Denial of Service (ReDoS)
Introduced through: json-schema-generator@2.0.6
From: json-schema-generator@2.0.6 > request@2.83.0 > http-signature@1.2.0 > sshpk@1.13.1

Amir-61 commented 5 years ago

The issue got resolved on the latest version