
Security upgrade axios from 1.6.0 to 1.6.4

Open hohky opened this issue 5 months ago • 0 comments

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/gui/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) | No | Proof of Concept |
| high severity | 589/1000. Why? Has a fix available, CVSS 7.5 | Prototype Pollution | | No Known Exploit |

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS) 🦉 Prototype Pollution

hohky, Mar 10 '24 10:03