Can this still be fixed v2.41.0 has high severity vulnerability #488

Closed
jusfeel opened this issue Feb 10, 2024 · 1 comment

Comments


jusfeel commented Feb 10, 2024

I have no control over the source code, so just want to ask in case this version is still maintained.

https://github.com/node-modules/urllib/releases/tag/2.41.0


```
ip  <=1.1.8
Severity: high
NPM IP package vulnerable to Server-Side Request Forgery (SSRF) attacks - https://github.com/advisories/GHSA-78xj-cgh5-2h22
fix available via `npm audit fix`
node_modules/urllib/node_modules/ip
  urllib  2.27.0 - 3.0.0-alpha.1
  Depends on vulnerable versions of ip
  node_modules/urllib

2 high severity vulnerabilities
```

node 20.11.0
npm 10.2.4

Member

fengmk2 commented Mar 18, 2024

Please upgrade to use urllib@3

fengmk2 closed this as completed Mar 18, 2024
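To confirm whether a project still installs a copy of `ip` in the range the audit output flags (`<=1.1.8`), and which package pulls it in, the lockfile can be checked directly. This is an added example, not code from the issue or from urllib; `sampleLock` is constructed data and the function names are hypothetical. It assumes a `package-lock.json` with `lockfileVersion` 2 or 3, where each installed copy is keyed by its `node_modules` path.

```javascript
// Added example: flag installed copies of `ip` at or below 1.1.8 in a lockfile.
const AFFECTED_MAX = [1, 1, 8]; // range taken from the audit output: ip <=1.1.8

// Parse "x.y.z" into numbers; pre-release/build suffixes are ignored (simplification).
function parseVersion(v) {
  return v.split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10) || 0);
}

// True when version <= max, comparing major, minor, patch in order.
function isAtMost(version, max) {
  const v = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    const a = v[i] || 0;
    if (a !== max[i]) return a < max[i];
  }
  return true; // equal to the upper bound
}

// Walk lock.packages and report every copy of `ip` inside the affected range.
function findAffectedIp(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const parts = path.split('node_modules/');
    const name = parts[parts.length - 1];
    if (name !== 'ip' || !meta.version) continue;
    if (!isAtMost(meta.version, AFFECTED_MAX)) continue;
    // Parent is the package whose node_modules directory holds this copy.
    const parent = parts.length > 2
      ? parts[parts.length - 2].replace(/\/$/, '')
      : '(root)';
    hits.push({ path, version: meta.version, parent });
  }
  return hits;
}

// Constructed sample mirroring the path shown in the audit output.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/urllib': { version: '2.41.0' },
    'node_modules/urllib/node_modules/ip': { version: '1.1.8' },
    'node_modules/ip': { version: '1.1.9' }, // constructed: outside <=1.1.8
  },
};

console.log(findAffectedIp(sampleLock));
```

Running the same function on the real `package-lock.json` after changing the urllib version shows whether the nested copy is gone.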