Open timhunt opened 3 weeks ago
Here is the output of our scanner
Vulnerability detail:
{
Title: GHSA-gcfg-hmwx-wq5h - nategood/httpful
Type: PACKAGE_VULNERABILITY
Severity: HIGH
Name: nategood/httpful
FilePath: var/www/html/moodle/plagiarism/turnitin/composer.lock
Package: COMPOSER
Vulnerability URL: https://github.com/advisories/GHSA-gcfg-hmwx-wq5h
}
We automatically scan our deployments for known vulnerabilities, and this plugin is causing security warnings on our deployments because it is using an old version of the nategood/httpful library, which contains this problem: https://huntr.com/bounties/8d59c089-92f1-4b73-90f8-54968a70e2fb
I think you said you are working on a new version of this plugin. Hopefully you can update to the latest version of the library as part of the release. Thanks.