Latest release uses vulnerable axios version (CVE-2024-39338)

newrelic / csec-node-agent

Repository for new relic node security agent

Other

3 stars 7 forks source link

Closed milenkotomic closed 3 months ago

milenkotomic commented 3 months ago

Latest @newrelic/security-agent version uses vulnerable axios package version 1.6.8 CVE-2024-39338

Please upgrade @newrelic/security-agent to use axios >= 1.7.3

sumitsuthar commented 3 months ago

Axios has not released a fix for this yet

Irene350 commented 3 months ago

Any news on this one?

sumitsuthar commented 3 months ago

@Irene350 Axios has still not fixed the issue. PR is still open. https://github.com/axios/axios/pull/6539. once axios publish a new version we will release ASAP