Security Issue: Regular Expression Denial of Service (ReDoS) - No impact #65

Closed
petruki opened this issue Sep 2, 2021 · 0 comments
Labels
security Vulnerability detected

petruki commented Sep 2, 2021

Vulnerable module: Axios
Introduced through: axios@0.21.1

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim function.
Snyk Report

What does it affect on the SDK?
There is no impact on using this version of axios@0.21.1 since the trim function is not in use.

Fix: axios/axios#3980
Issue: axios/axios#3979

petruki added the patch Update dependencies label Sep 2, 2021
petruki added this to the v3.0.2 milestone Sep 2, 2021
petruki added security Vulnerability detected and removed patch Update dependencies labels Sep 2, 2021
petruki added a commit that referenced this issue Sep 7, 2021
@petruki petruki closed this as completed in aefa006 Sep 7, 2021