thelastpickle / cassandra-reaper

Automated Repair Awesomeness for Apache Cassandra
http://cassandra-reaper.io/
Apache License 2.0

Security Vulnerability in reaper - tough-cookie #1323

Open xordux opened 1 year ago

xordux commented 1 year ago


Hi,

There is a dependency on a NodeJS module which is affected by a critical severity CVE. The source is:

src/ui has a dependency on node-sass@4.9.0, which imports request@2.79.0, and this request module imports tough-cookie@2.4.3.

Right now tough-cookie@2.4.3 has CVE-2023-26136.

Please confirm if reaper 3.3.2 is vulnerable to this issue. If yes, in which version of reaper is the issue being fixed or already addressed?

Thanks in advance.

Issue is synchronized with this Jira Story by Unito. Issue Number: REAP-46
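To verify a transitive chain like the one reported above, a maintainer would trace every path from the lockfile to the flagged package and compare each pinned version against the advisory's fixed version. The following script is an added example for this issue, not code from the cassandra-reaper project: it walks an npm `lockfileVersion: 1` nested dependency tree (a constructed sample reproducing the node-sass -> request -> tough-cookie chain, plus a second constructed path with a newer copy) and reports the chains whose tough-cookie version is below a caller-supplied fixed version. The `4.1.3` threshold is an assumption stated for illustration; take the real value from the advisory for CVE-2023-26136.

```javascript
// Constructed sample package-lock.json content (lockfileVersion 1 layout) that
// mirrors the chain in the issue: node-sass -> request -> tough-cookie.
const SAMPLE_LOCK = {
  name: "reaper-ui",
  lockfileVersion: 1,
  dependencies: {
    "node-sass": {
      version: "4.9.0",
      dependencies: {
        request: {
          version: "2.79.0",
          dependencies: {
            "tough-cookie": { version: "2.4.3" },
          },
        },
      },
    },
    // Second, constructed path carrying a newer copy, to show that every
    // occurrence is reported and only the old one is flagged.
    "some-dev-tool": {
      version: "1.0.0",
      dependencies: {
        "tough-cookie": { version: "4.1.3" },
      },
    },
  },
};

// Depth-first walk of the nested `dependencies` tree; returns every path that
// ends in `target`, each as { version, path: ["name@version", ...] }.
function findDependencyPaths(lock, target) {
  const results = [];
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = [...trail, `${name}@${info.version}`];
      if (name === target) results.push({ version: info.version, path });
      walk(info.dependencies, path); // recurse into nested (non-hoisted) deps
    }
  };
  walk(lock.dependencies, []);
  return results;
}

// Minimal numeric major.minor.patch comparison (no prerelease handling):
// negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Chains (as "a@1 -> b@2 -> target@3" strings) whose target version is below
// `fixedIn`, i.e. the ones still pulling in an affected release.
function vulnerablePaths(lock, target, fixedIn) {
  return findDependencyPaths(lock, target)
    .filter((hit) => compareVersions(hit.version, fixedIn) < 0)
    .map((hit) => hit.path.join(" -> "));
}

// ASSUMPTION for illustration only: fixed version for CVE-2023-26136.
// Confirm against the advisory before relying on it.
const ASSUMED_FIXED_IN = "4.1.3";

console.log(vulnerablePaths(SAMPLE_LOCK, "tough-cookie", ASSUMED_FIXED_IN));
```

To run this against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` from `src/ui`. Note that lockfile versions 2 and 3 add a flat `packages` map and hoist shared packages to the top level, so the nested `dependencies` walk used here only recovers the requirer chain for copies that were not hoisted; `npm ls tough-cookie` reports the full chain for either layout.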

xordux commented 1 year ago

Hi @adejanovski, thank you for adding this to the project board. Do you know of any estimated timeline to get this CVE fixed?

xordux commented 1 year ago

Hi @adejanovski, sorry for bothering you again, but by any chance do you have any update on this?