node-modules / urllib

Request HTTP(s) URLs in a complex world.
MIT License

Can this still be fixed? v2.41.0 has a high severity vulnerability #488

Closed jusfeel closed 6 months ago

jusfeel commented 7 months ago

I have no control over the source code, so just want to ask in case this version is still maintained.

https://github.com/node-modules/urllib/releases/tag/2.41.0


ip  <=1.1.8
Severity: high
NPM IP package vulnerable to Server-Side Request Forgery (SSRF) attacks - https://github.com/advisories/GHSA-78xj-cgh5-2h22
fix available via `npm audit fix`
node_modules/urllib/node_modules/ip
  urllib  2.27.0 - 3.0.0-alpha.1
  Depends on vulnerable versions of ip
  node_modules/urllib

2 high severity vulnerabilities

node 20.11.0 npm 10.2.4

fengmk2 commented 6 months ago

Please upgrade to use urllib@3
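
A lockfile check for the dependency chain shown in the audit output above, as an added example that is not part of the original thread or the urllib project: it walks the `packages` map of a package-lock.json (lockfileVersion 2 or 3) and reports each installed copy of `ip`, flagging versions in the reported range `<=1.1.8`. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not from the thread): find installed copies of `ip` in a
// package-lock.json "packages" map and flag the range the audit reports.

// Compare plain x.y.z versions; pre-release/build suffixes are ignored.
function cmpVersion(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// maxVulnerable defaults to 1.1.8, the upper bound shown in the audit output.
function findIpCopies(lock, maxVulnerable = '1.1.8') {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match only the unscoped package `ip`, hoisted or nested.
    const m = /^(?:(.*)\/)?node_modules\/ip$/.exec(path);
    if (!m || !meta.version) continue;
    // The parent is the package whose own node_modules holds this copy.
    const parent = m[1] ? m[1].split('node_modules/').pop() : '(top level)';
    findings.push({
      path,
      version: meta.version,
      parent,
      vulnerable: cmpVersion(meta.version, maxVulnerable) <= 0,
    });
  }
  return findings;
}

// Constructed sample lockfile; only urllib 2.41.0 is taken from the thread.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/urllib': { version: '2.41.0' },
    'node_modules/urllib/node_modules/ip': { version: '1.1.8' },
    'node_modules/ip': { version: '1.1.9' },
    'node_modules/@scope/ip': { version: '0.0.1' },
  },
};

for (const f of findIpCopies(SAMPLE_LOCK)) {
  console.log(`${f.vulnerable ? 'FLAG' : 'ok  '} ip@${f.version} under ${f.parent} (${f.path})`);
}
```

Run against a real project by passing the parsed contents of its package-lock.json to `findIpCopies`; a flagged copy whose parent is `urllib` is the chain reported in the audit output.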