stoplightio / spectral

A flexible JSON/YAML linter for creating automated style guides, with baked in support for OpenAPI (v3.1, v3.0, and v2.0), Arazzo v1.0, as well as AsyncAPI v2.x.
https://stoplight.io/spectral
Apache License 2.0
2.48k stars 233 forks

CVE-2024-4068: High vulnerability found in @stoplight/spectral-cli version 6.11.1 #2639

Open rushikeshchoche opened 3 months ago

rushikeshchoche commented 3 months ago

The current version of @stoplight/spectral-cli (6.11.1) seems to have a known vulnerability linked to it. The issue is associated with the braces package, specifically versions prior to 3.0.3. More details can be found in the following advisory: [GHSA-grv7-fg5c-xmjg]

Addressing this vulnerability will not only secure @stoplight/spectral-cli but also benefit other packages that depend on it. Your assistance in resolving this issue would be greatly appreciated. Thank you!

github-actions[bot] commented 3 months ago

This ticket has been labeled jira. A tracking ticket in Stoplight's Jira (STOP-648) has been created.