mailjet / mailjet-apiv3-nodejs

[API v3] Official Mailjet API v3 NodeJS wrapper
https://dev.mailjet.com
MIT License
232 stars 67 forks

Upgrade axios version to fix CVE-2023-26159 #272

Open GuusDeGraeve opened 4 months ago

GuusDeGraeve commented 4 months ago

The axios version used is vulnerable to Improper Input Validation through sub-dependency follow-redirects. This PR upgrades the axios version in order to mitigate this vulnerability.

More info: https://nvd.nist.gov/vuln/detail/CVE-2023-26159

GuusDeGraeve commented 4 months ago

@ai-wintermute / @scroll17 can someone possibly review this one? It's quite a high-ranked CVE. Thanks!

dandv commented 2 days ago

I don't think this repo is being actively maintained any more but @ai-wintermute can confirm.