qase-tms / qase-javascript

Qase TMS JavaScript SDK
https://developers.qase.io

[playwright-qase-reporter] Mitigation of Axios Cross-Site Request Forgery Vulnerability in playwright-qase-reporter npm package #475

Closed bs-rezve closed 1 week ago

bs-rezve commented 8 months ago

The npm package "playwright-qase-reporter" is currently vulnerable to a moderate Cross-Site Request Forgery (CSRF) issue in the Axios library, as identified by the npm audit advisory GHSA-wf5p-g6vw-rhxx.

Vulnerability Details

Severity: Moderate
Package: axios
Patched Version: >=1.6.0
Dependency Chain: playwright-qase-reporter > qaseio > axios
Advisory Link: GHSA-wf5p-g6vw-rhxx


Recommendation:

Update the Axios library in the "playwright-qase-reporter" npm package to version >=1.6.0 to mitigate the CSRF vulnerability.

Steps to Reproduce:

The vulnerability can be verified by running the npm audit command on the "playwright-qase-reporter" npm package.

Thanks
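An added example, not part of the original issue or of the qase-javascript project: a Node.js check that walks an npm lockfile (the `packages` map of lockfile version 2/3) and reports every installed axios below the 1.6.0 threshold quoted above, with the dependency chain that pulls it in. The function names and the sample lockfile, including its version numbers, are constructed for illustration; the sample shows a patched hoisted copy next to an unpatched copy nested under qaseio.

```javascript
// Constructed sample in npm lockfile v2/v3 layout; real use: JSON.parse of package-lock.json.
const sampleLock = { packages: {
  "": { dependencies: { axios: "^1.6.2" }, devDependencies: { "playwright-qase-reporter": "^1.0.0" } },
  "node_modules/playwright-qase-reporter": { version: "1.0.0", dependencies: { qaseio: "^2.0.0" } },
  "node_modules/qaseio": { version: "2.0.0", dependencies: { axios: "~1.5.1" } },
  "node_modules/axios": { version: "1.6.2" },
  "node_modules/qaseio/node_modules/axios": { version: "1.5.1" },
} };

// Compare plain major.minor.patch versions; prerelease tags are ignored (simplification).
function lessThan(a, b) {
  const [x, y] = [a, b].map((v) => v.split("-")[0].split(".").map(Number));
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i];
  return false;
}

// Node-style lookup: nearest node_modules/<name>, walking up from the dependent's path.
function resolve(packages, from, name) {
  for (let base = from; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Walk the dependency graph from the project root and collect unpatched installs.
function findVulnerable(lock, name = "axios", patched = "1.6.0") {
  const packages = lock.packages || {};
  const hits = [], seen = new Set();
  const walk = (path, chain) => {
    if (seen.has(path)) return;
    seen.add(path);
    const p = packages[path];
    const deps = { ...p.dependencies, ...p.optionalDependencies, ...(path ? {} : p.devDependencies) };
    for (const dep of Object.keys(deps)) {
      const target = resolve(packages, path, dep);
      if (!target) continue;
      const next = [...chain, dep];
      if (dep === name && lessThan(packages[target].version, patched))
        hits.push({ path: target, version: packages[target].version, chain: next.join(" > ") });
      walk(target, next);
    }
  };
  walk("", []);
  return hits;
}
console.log(findVulnerable(sampleLock));
```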

apis3445 commented 5 months ago

Any updates to fix this?

stale[bot] commented 2 weeks ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.