serverless-operations / serverless-step-functions

AWS Step Functions plugin for Serverless Framework ⚡️

Snyk Report - (decompress-tar@4.1.1), Arbitrary File Write via Archive Extraction (Zip Slip) #588

Open BrettFieber opened 9 months ago

BrettFieber commented 9 months ago

This is a Bug(security) Report

Description

Snyk (https://snyk.io/) is reporting a security issue with serverless-step-functions@3.15.0 due to a dependency on decompress@4.2.1 => decompress-tar@4.1.1

https://security.snyk.io/vuln/SNYK-JS-DECOMPRESSTAR-559095

Additional Data