ember-cli-deploy-s3 icon indicating copy to clipboard operation
ember-cli-deploy-s3 copied to clipboard

Published 20 hours ago verified publisher icon ember-cli-deploy

RCE vulnerability in `pac-resolver`

Open epfremmer opened this issue 4 years ago • 1 comments

I recently ran into a request to address a security vulnerability related to [email protected] which is being used by my application through [email protected][email protected][email protected][email protected]

Related vulnerability: https://arstechnica.com/information-technology/2021/09/npm-package-with-3-million-weekly-downloads-had-a-severe-vulnerability/?amp=1

It looks like [email protected] is using the latest version of [email protected] which resolves the problem.

Would it be possible to get an update to ember-cli-deploy-s3 to bump proxy-agent to the latest version?

epfremmer avatar Sep 07 '21 19:09 epfremmer

FYI this was resolved with version 3.1.0. The issue is no longer reported in our security scans after upgrading.

apulverizer avatar Jan 20 '22 15:01 apulverizer