Issue CVEs for vulnerabilities fixed by #6167 and #6163 #6345
Labels
priority::medium
A medium priority issue that should be resolved soon
target::1.x
A task that is targeted for a 1.x release
type::enhancement
Used when improving a feature
Describe the issue
The release notes for version 1.6.4 fixed two vulnerabilities that are missing CVEs, and as a result are not found by GitHub Dependabot or other tools dependent on the GitHub Advisory Database or other CVE databases.
https://github.com/axios/axios/releases/tag/v1.6.4
Could these be published as CVEs? One easy way to do so is to create a GitHub security advisory on the repository: https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory
Thanks!
Example Code
No response
Expected behavior
When possible, security vulnerabilities should be reported as advisories via CVEs so they can be automatically detected by tools.
Axios Version
No response
Adapter Version
No response
Browser
No response
Browser Version
No response
Node.js Version
No response
OS
No response
Additional Library Versions
No response
Additional context/Screenshots
No response