sendgrid / sendgrid-nodejs

The Official Twilio SendGrid Led, Community Driven Node.js API Library
https://sendgrid.com
MIT License
2.98k stars 781 forks

Server-Side Request Forgery in axios - version update needed #1414

Open Lexiel46 opened 3 weeks ago

Lexiel46 commented 3 weeks ago

The npm package axios, versions 1.3.2 to 1.7.3, has been reported to have a high-severity vulnerability - Server-Side Request Forgery.

sendgrid-client is currently configured with axios 1.6.8.

To avoid using vulnerable versions of axios, I suggest updating axios to the latest version, 1.7.4.

malee1975 commented 3 weeks ago

Same issue here, flagged by Mend during the build process

CVE-2024-39338
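
As an added example (not part of the issue thread or of the sendgrid-nodejs code base), a check that can be run against a parsed package-lock.json to flag every axios install, including nested transitive copies, that falls in the range reported above, 1.3.2 to 1.7.3. It assumes the lockfileVersion 2/3 `packages` layout; the function names and the sample lockfile are constructed for illustration.

```javascript
// Range as stated in the issue: axios 1.3.2 to 1.7.3 (1.7.4 is the suggested update).
const VULN_MIN = [1, 3, 2];
const VULN_MAX = [1, 7, 3];

// Parse "1.6.8" (or "1.6.8-beta.1") into [1, 6, 8]; null if not x.y.z.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison of two [major, minor, patch] triples.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isInReportedRange(version) {
  const v = parseVersion(version);
  return v !== null && compare(v, VULN_MIN) >= 0 && compare(v, VULN_MAX) <= 0;
}

// Walk the "packages" map of a parsed package-lock.json and report each
// axios copy, top-level or nested under another dependency.
function findAxios(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Exact name match so that e.g. "axios-retry" is not reported.
    if (path === 'node_modules/axios' || path.endsWith('/node_modules/axios')) {
      hits.push({ path, version: meta.version, flagged: isInReportedRange(meta.version) });
    }
  }
  return hits;
}

// Constructed sample lockfile (not taken from any real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@sendgrid/client/node_modules/axios': { version: '1.6.8' },
    'node_modules/axios': { version: '1.7.4' },
    'node_modules/axios-retry': { version: '0.0.0' },
  },
};

for (const hit of findAxios(sampleLock)) {
  console.log(`${hit.flagged ? 'FLAGGED' : 'ok     '} ${hit.version}  ${hit.path}`);
}
```

For a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findAxios` in place of the sample object.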