search

newrelic / csec-node-agent

Repository for new relic node security agent
Other
3 stars 7 forks source link

Latest security agent version uses vulnerable ws package version, CVE-2024-3789 #229

Closed tomerelkayam closed 5 months ago

tomerelkayam commented 5 months ago

Description

Latest @newrelic/security-agent version uses vulnerable ws package version 8.14.2, https://github.com/advisories/GHSA-3h5v-q93c-6h6q

Expected Behavior

Please upgrade @newrelic/security-agent to use ws >= 8.17.1 https://github.com/newrelic/csec-node-agent/blob/main/package.json

sumitsuthar commented 5 months ago

Fixed the issue in following PR: https://github.com/newrelic/csec-node-agent/pull/228