New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerable axios & IP packages used ! #175

Closed

DmytroShalaiev opened this issue Feb 27, 2024 · 1 comment · Fixed by #179

DmytroShalaiev commented Feb 27, 2024

Axios Cross-Site Request Forgery Vulnerability - GHSA-wf5p-g6vw-rhxx

NPM IP package incorrectly identifies some private IP addresses as public - GHSA-78xj-cgh5-2h22

there are fixed packages so that they can be updated in mempool.js.

natsoni mentioned this issue

Bump axios dependency version 0.24 -> 1.6.7 #179

Merged

softsimon closed this as completed in #179

Author

DmytroShalaiev commented Apr 24, 2024

Thanks for the fix, please can you create a new tag with fix and update npm package

DmytroShalaiev mentioned this issue

npm package version needs to be updated #191

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment