Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Alert: Dependabot issue (6) - high #286

Open
Bhavdeep13 opened this issue Jul 25, 2024 · 0 comments · May be fixed by #295
Open

Security Alert: Dependabot issue (6) - high #286

Bhavdeep13 opened this issue Jul 25, 2024 · 0 comments · May be fixed by #295
Assignees
@Bhavdeep13
Labels
security Security related issues
Milestone
Security Issues

Comments

@Bhavdeep13
Copy link
Collaborator

A security vulnerability has been detected in the GHSA-q3qx-c6g2-7pw2 package.

Severity: high
Summary: aiohttp's ClientSession is vulnerable to CRLF injection via version
Details: (https://github.com/N5GEH/n5geh.tools.mqtt-gateway/security/dependabot/6)

Please review and address this issue accordingly.
@Bhavdeep13 Bhavdeep13 added the security Security related issues label Jul 25, 2024
@Bhavdeep13 Bhavdeep13 added this to the Security Issues milestone Jul 25, 2024
@Bhavdeep13 Bhavdeep13 self-assigned this Jul 26, 2024
@Bhavdeep13 Bhavdeep13 linked a pull request Sep 11, 2024 that will close this issue
chore(deps): bump aiohttp from 3.8.4 to 3.10.2 in /backend/api #295
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Bhavdeep13 Bhavdeep13

Labels
security Security related issues
Projects
None yet
Milestone
Security Issues
Development

Successfully merging a pull request may close this issue.

chore(deps): bump aiohttp from 3.8.4 to 3.10.2 in /backend/api N5GEH/n5geh.tools.mqtt-gateway
1 participant
@Bhavdeep13