search

node-modules / urllib

Request HTTP(s) URLs in a complex world.
MIT License
726 stars 117 forks source link

vm2 Vulnerability #397

Closed naum43312016 closed 1 year ago

naum43312016 commented 1 year ago

Hello, In snyk urllib lib has critical vulnerability vm2 Sandbox Bypass. I have 2.38.1 version. https://security.snyk.io/vuln/SNYK-JS-VM2-2309905 Did you guys fix it in last version? Thanks

fengmk2 commented 1 year ago

urllib don't deps on vm2

naum43312016 commented 1 year ago

urllib deps on proxy-agent urllib@2.38.1 › proxy-agent@5.0.0 › pac-proxy-agent@5.0.0 › pac-resolver@5.0.0 › degenerator@3.0.1 › vm2@3.9.5 I use urllib 2.38.1 that deps on proxy-agent. I see that in last version urllib don't deps on proxy-agent. I will update my version to last one. thanks