Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Known vulnerability found - CVE-2019-10742 (high severity) #51

Closed
r-brown opened this issue May 30, 2019 · 5 comments
Closed

Known vulnerability found - CVE-2019-10742 (high severity) #51

r-brown opened this issue May 30, 2019 · 5 comments
Assignees
@v-rudkovskiy

Comments

@r-brown
Copy link
Member

r-brown commented May 30, 2019

CVE-2019-10742

Vulnerable versions: <= 0.18.0
Patched version: No fix

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.
@r-brown
Copy link
Member Author

r-brown commented Jun 5, 2019
edited

Other alerts as of 05.06.2019 ( Source: https://github.com/Labs64/laravel-boilerplate/network/alerts )

image

v-rudkovskiy added a commit that referenced this issue Jun 6, 2019
@v-rudkovskiy
Issue #51 update axios
1104fd1
@v-rudkovskiy v-rudkovskiy reopened this Jun 6, 2019
@v-rudkovskiy
Copy link
Member

Fixed in 1104fd1

@r-brown r-brown reopened this Jun 6, 2019
@r-brown
Copy link
Member Author

r-brown commented Jun 6, 2019

All other security allerts need to be resolved as well: https://github.com/Labs64/laravel-boilerplate/network/alerts

@v-rudkovskiy
Copy link
Member

Llink "https://github.com/Labs64/laravel-boilerplate/network/alerts" opens page 404.

@r-brown
Copy link
Member Author

r-brown commented Jun 6, 2019
edited

@v-rudkovskiy see screenshot above

UPD: granted access to the view

v-rudkovskiy added a commit that referenced this issue Jun 6, 2019
@v-rudkovskiy
Issue #51 fix security allerts
3dfb20b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@v-rudkovskiy v-rudkovskiy

Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@r-brown @v-rudkovskiy