Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Snyk vulnerability [SNYK-JS-GOT-2932019] #12132

Closed
github-actions bot opened this issue Jun 19, 2022 · 1 comment
Closed

Snyk vulnerability [SNYK-JS-GOT-2932019] #12132

github-actions bot opened this issue Jun 19, 2022 · 1 comment
Labels
help wanted Help/Contributions wanted from community members snyk-vulnerability

Comments

@github-actions
Copy link
Contributor

github-actions bot commented Jun 19, 2022
edited

Affecting Packages/Plugins

Overview

Affected versions of this package are vulnerable to Open Redirect due to missing verification of requested URLs. It allowed a victim to be redirected to a UNIX socket.

Remediation

Upgrade got to version 11.8.5, 12.1.0 or higher.

References
@github-actions github-actions bot added help wanted Help/Contributions wanted from community members snyk-vulnerability labels Jun 19, 2022
@jhaals
Copy link
Member

jhaals commented Jun 20, 2022

Medium severity and not sure if this is very applicable to us.
Blocked by jdalrymple/gitbeaker#2506 and a few other dependencies that don't specify version ranges

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Help/Contributions wanted from community members snyk-vulnerability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jhaals