Open small-sim opened 2 weeks ago
Hi,
I noticed a security vulnerability in axios package 0.22.0 related to CSRF. It seems to be originating from [@mhoc/axios-digest-auth 0.8.0](https://www.npmjs.com/package/@mhoc/axios-digest-auth/v/0.8.0). Introduced through: @mhoc/axios-digest-auth@0.8.0 › axios@1.6.2
Attaching screenshot for reference:
I have checked with an axios package upgrade and it did not resolve the vulnerability. In package @mhoc/axios-digest-auth@0.8.0 there is an axios version in their package.json instead of using a ^ or ~: https://github.com/mhoc/axios-digest-auth/blob/master/package.json#L14
Can you please let us know if there will be any stable version where we don't have the Prototype Pollution vulnerability?
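Added example, not part of the issue or of either project's code: a small Node.js check that walks an npm lockfile, lists every package that declares a given dependency, flags exact-version specs (no `^` or `~`), and reports which installed copy each one resolves to. The lockfile excerpt, the package names `http-lib` and `@example/digest-wrapper`, and all version numbers are constructed for illustration, and the lockfileVersion 3 `packages` layout is assumed.

```javascript
// Constructed lockfile excerpt (npm lockfileVersion 3 layout); names and versions are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "http-lib": "^1.6.0", "@example/digest-wrapper": "^0.8.0" } },
    "node_modules/http-lib": { version: "1.6.5" },
    "node_modules/@example/digest-wrapper": {
      version: "0.8.0",
      dependencies: { "http-lib": "0.22.0" }, // exact pin, no ^ or ~
    },
    "node_modules/@example/digest-wrapper/node_modules/http-lib": { version: "0.22.0" },
  },
};

// True when the spec names a single version, so a newer release can never satisfy it.
function isExactPin(spec) {
  return /^[=v]?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(spec.trim());
}

// Mimic Node's lookup: nearest node_modules first, then each parent up to the root.
function resolveInstalled(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return { path: candidate, version: packages[candidate].version };
    if (dir === "") return null;
    const idx = dir.lastIndexOf("/node_modules/");
    dir = idx === -1 ? "" : dir.slice(0, idx);
  }
}

// List every package that declares `name`, the spec it asks for, and the copy it actually gets.
function whoPullsIn(lock, name) {
  const rows = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    const spec = (meta.dependencies || {})[name];
    if (spec === undefined) continue;
    const hit = resolveInstalled(lock.packages, path, name);
    rows.push({
      declaredBy: path === "" ? "(root project)" : path.replace(/^.*node_modules\//, ""),
      spec,
      exactPin: isExactPin(spec),
      installed: hit ? hit.version : null,
    });
  }
  return rows;
}

console.table(whoPullsIn(sampleLock, "http-lib"));
```

In the constructed data, upgrading the root project's own dependency changes only the hoisted copy; the wrapper's exact pin keeps a nested older copy installed, which is the entry a scanner keeps reporting.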