Vulnerability in the library #599
Comments
Hello. Are you planning to fix this? Any workaround I can use in the meantime? Thanks
Hi @rpodwika and @jhonnycordova, thanks for raising this issue. Do you mind clarifying where PR #598 fixes the core package version, but the version being pulled in from
The The version from
I am seeing this vulnerability flagged for any version of semver < 7.5.2: The paths given where it is introduced through are:
Note that this is flagged as a high severity vulnerability.
Hi all, thank you for your responses! We are actively working on a fix
Node SDK v3.5.1, which includes the fix for this security vulnerability, has been released
https://www.mend.io/vulnerability-database/CVE-2022-25883
-> aws-xray-sdk-3.5.0.tgz (Root Library)
-> aws-xray-sdk-core-3.5.0.tgz
-> cls-hooked-4.2.2.tgz
-> ❌ semver-5.7.1.tgz (Vulnerable Library)
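
The transitive chain reported above can be located mechanically. The following is an added example, not part of the original issue or the aws-xray-sdk project: it walks a tree shaped like `npm ls --all --json` output and lists every path that reaches `semver` below 7.5.2, the threshold quoted in the thread. The function names, the `my-app` root and the sample tree are constructed for illustration.

```javascript
// Walks a dependency tree shaped like `npm ls --all --json` output and
// returns every path that reaches `pkg` at a version below `fixed`.

// Parse "major.minor.patch" into numbers; pre-release/build tags are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function isBelow(version, fixed) {
  const a = parseVersion(version), b = parseVersion(fixed);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // equal versions are not below the fix
}

function findVulnerablePaths(tree, pkg, fixed) {
  const hits = [];
  const walk = (node, trail) => {
    for (const [name, dep] of Object.entries(node.dependencies || {})) {
      if (!dep.version) continue; // skip entries with no resolved version
      const path = [...trail, `${name}@${dep.version}`];
      if (name === pkg && isBelow(dep.version, fixed)) hits.push(path.join(" -> "));
      walk(dep, path); // keep descending: nested copies can differ in version
    }
  };
  walk(tree, [`${tree.name}@${tree.version}`]);
  return hits;
}

// Constructed sample mirroring the chain reported in the issue; the root
// "my-app" and the semver@7.5.3 entry are invented to show a patched copy.
const sampleTree = {
  name: "my-app", version: "1.0.0",
  dependencies: {
    "aws-xray-sdk": { version: "3.5.0", dependencies: {
      "aws-xray-sdk-core": { version: "3.5.0", dependencies: {
        "semver": { version: "7.5.3" },
        "cls-hooked": { version: "4.2.2", dependencies: {
          "semver": { version: "5.7.1" },
        } },
      } },
    } },
  },
};

console.log(findVulnerablePaths(sampleTree, "semver", "7.5.2"));
```

Running it against a real project means replacing `sampleTree` with the parsed JSON from `npm ls --all --json`; a direct dependency bump alone does not clear a finding while a nested copy still resolves below the threshold.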