Snyk and npm audit are complaining about a security vulnerability with the node-strava-v3 package dependencies, the request package. This vulnerability has been catalogued by Snyk with the identifier SNYK-JS-REQUEST-3361831, highlighting a CWE-918: Server-Side Request Forgery (SSRF) issue.
Vulnerability Details
The request package, which node-strava-v3 depends on, is vulnerable to SSRF attacks due to insufficient validation of user-supplied URLs in its lib/redirect.js file. This flaw allows attackers to perform insecure redirects to different protocols (e.g., from HTTP to HTTPS or vice versa), potentially leading to unauthorized access to sensitive information or internal systems.
It shouldn't be an issue since this package is only used with the official Strava API.
Affected Versions:
strava-v3@2.2.0 depends on request@2.88.2.
GitHub Issues:
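A redirect policy of the kind the SSRF description above calls for, as an added example that is not part of the original issue and is not code from request or node-strava-v3. The allow-listed host `www.strava.com`, the sample URLs and the function names are assumptions made for illustration.

```javascript
// Added example: redirect policy check, not code from request or node-strava-v3.
// ALLOWED_HOSTS is an assumed allow-list; set it to the API host you actually call.
const ALLOWED_HOSTS = new Set(['www.strava.com']);

// Decide whether one redirect hop may be followed.
// currentUrl: absolute URL just requested; location: raw Location header value.
function checkRedirect(currentUrl, location, allowedHosts = ALLOWED_HOSTS) {
  let from, to;
  try {
    from = new URL(currentUrl);
    to = new URL(location, from); // resolves relative Location values
  } catch (err) {
    return { ok: false, reason: 'unparseable URL' };
  }
  // Cross-protocol hops are the behaviour the advisory describes: refuse them.
  if (to.protocol !== from.protocol) {
    return { ok: false, reason: `scheme change ${from.protocol} -> ${to.protocol}` };
  }
  if (to.protocol !== 'https:') {
    return { ok: false, reason: `target scheme ${to.protocol} not allowed` };
  }
  // Exact hostname match, so look-alike or internal hosts are rejected.
  if (!allowedHosts.has(to.hostname)) {
    return { ok: false, reason: `host ${to.hostname} not in allow-list` };
  }
  if (to.username || to.password) {
    return { ok: false, reason: 'credentials in redirect target' };
  }
  return { ok: true, url: to.href };
}

// Walk a chain of Location headers; stop at the first rejected hop or the hop limit.
function validateChain(startUrl, locations, maxHops = 5) {
  let current = startUrl;
  for (let i = 0; i < locations.length; i++) {
    if (i >= maxHops) return { ok: false, hop: i, reason: 'too many redirects' };
    const verdict = checkRedirect(current, locations[i]);
    if (!verdict.ok) return { ok: false, hop: i, reason: verdict.reason };
    current = verdict.url;
  }
  return { ok: true, finalUrl: current };
}
```

To apply it, disable automatic redirect following in the HTTP client and call `checkRedirect` on each 3xx response before issuing the next request.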