swagger-express-middleware

Dicer Vulnerability

Open RyanFrodge opened this issue 2 years ago • 1 comments

Hello. Please update the multer dependency to fix the dicer vulnerability.

multer is a dependency of this package. Busboy is a dependency of multer. Dicer is a dependency of busboy in the version contained within this current tree.

Busboy and multer have both been updated to remove dicer as it is no longer supported. Currently this is causing a security vulnerability in our application and a stopgap solution must be implemented until this package is updated or the package is dropped.

https://nvd.nist.gov/vuln/detail/CVE-2022-24434

RyanFrodge, Aug 30 '22 19:08

@JamesMessinger

RyanFrodge, Sep 01 '22 15:09

Just linking the PR that addresses this for easy reference: https://github.com/APIDevTools/swagger-express-middleware/pull/181

ericwastaken, Nov 04 '22 23:11