Prototype Pollution Affecting axios package, versions >=0.28.0 <1.6.4 #26538

Closed
4 tasks
amritanshvns opened this issue Jun 13, 2024 · 1 comment · Fixed by #27076

@amritanshvns

Current Behavior

Affected versions of this package are vulnerable to Prototype Pollution via the formDataToJSON function. https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788

Expected Behavior

Upgrade axios to version 1.6.4 or higher.

GitHub Repo

No response

Steps to Reproduce

https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788

Nx Report

https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788

Failure Logs

No response

Package Manager Version

No response

Operating System

  • macOS
  • Linux
  • Windows
  • Other (Please specify)

Additional Information

No response

@FrozenPandaz FrozenPandaz added the scope: core core nx functionality label Jun 24, 2024
FrozenPandaz added a commit that referenced this issue Jul 30, 2024
## Current Behavior
<!-- This is the behavior we have today -->

`axios@^1.6.0` is used.

## Expected Behavior
<!-- This is the behavior we should expect with the changes in this PR
-->

`axios@^1.7.2` is used

## Related Issue(s)
<!-- Please link the issue being fixed so it gets closed when this is
merged. -->

Fixes #26538

(cherry picked from commit 9fe9c29)

This issue has been closed for more than 30 days. If this issue is still occurring, please open a new issue with more recent context.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 27, 2024
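
A lockfile check for the range in the issue title (>=0.28.0 <1.6.4), as an added example that is not code from the nx or axios projects. A caret range such as the `axios@^1.6.0` named in the fix commit can still resolve to 1.6.0 through 1.6.3, so the check reads installed versions from an npm lockfile (`lockfileVersion` 2 or 3 is assumed); the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag axios copies whose installed version falls inside the
// range from the issue title (>=0.28.0 <1.6.4) in an npm lockfile.
const AFFECTED_MIN = [0, 28, 0]; // inclusive lower bound, from the issue title
const FIXED_IN = [1, 6, 4];      // exclusive upper bound, from the issue title

// Parse "MAJOR.MINOR.PATCH". Pre-release/build suffixes are ignored, so
// 1.6.4-beta.1 is treated as 1.6.4 (a simplification made for this example).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// Numeric, component-wise comparison: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  return v !== null && compare(v, AFFECTED_MIN) >= 0 && compare(v, FIXED_IN) < 0;
}

// Returns [{ path, version }] for every affected axios copy, including nested
// copies pulled in by transitive dependencies.
function findAffectedAxios(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/axios$/.test(path)) continue; // exact name only
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile; package names other than axios are hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", dependencies: { axios: "^1.6.0" } },
    "node_modules/axios": { version: "1.7.2" },
    "node_modules/some-lib/node_modules/axios": { version: "1.6.0" },
    "node_modules/old-lib/node_modules/axios": { version: "0.27.2" },
    "node_modules/axios-helper": { version: "1.0.0" },
  },
};

console.log(findAffectedAxios(sampleLock));
```

The nested copy under `some-lib` is the case a top-level dependency bump alone does not fix; it needs the parent package updated or an npm `overrides` entry.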