Update axios in @heml/elements to avoid security alert
Axios <= 0.18.0 causes a high severity security alert (see CVE below). Version ^0.17.0 is specified as a dependency in @heml/elements.
https://github.com/SparkPost/heml/blob/78cd0d7f4829d1dd9642d07d1794abb48ea72a21/packages/heml-elements/package.json#L26
CVE
Security Alert: high severity
Vulnerable versions: <= 0.18.0
Patched version: 0.18.1
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accept content after maxContentLength is exceeded.
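Why the declared range needs a manual bump, as an added example that is not part of the original issue or the heml code base: under npm's caret rules for 0.x versions, `^0.17.0` means `>=0.17.0 <0.18.0`, so it can never resolve to the patched 0.18.1. The helper names are hypothetical, the dependency map is constructed from the range quoted above, and the parser is simplified to `^x.y.z` and exact versions.

```javascript
// Simplified npm caret-range check (assumption: only "^x.y.z" and exact "x.y.z").
const parse = (v) => v.split('.').map(Number);

const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
};

// Return [lowerInclusive, upperExclusive] for a range.
function bounds(range) {
  if (!range.startsWith('^')) {
    const [ma, mi, pa] = parse(range);
    return [[ma, mi, pa], [ma, mi, pa + 1]]; // exact pin
  }
  const lo = parse(range.slice(1));
  const [major, minor, patch] = lo;
  // Caret keeps the left-most non-zero component fixed.
  if (major > 0) return [lo, [major + 1, 0, 0]];
  if (minor > 0) return [lo, [0, minor + 1, 0]];
  return [lo, [0, 0, patch + 1]];
}

// Classify a declared range against the first patched release.
function auditRange(range, patched) {
  const [lo, hi] = bounds(range);
  const fix = parse(patched);
  return {
    range,
    // Some version >= patched fits inside the range.
    canReachPatched: cmp(fix, hi) < 0,
    // Every version the range allows is >= patched (a stale lockfile cannot pin a bad one).
    excludesVulnerable: cmp(lo, fix) >= 0,
  };
}

// Constructed dependency map using the range quoted in the issue.
const dependencies = { axios: '^0.17.0' };
const PATCHED = '0.18.1'; // patched version from the advisory text

function auditAxios(deps) {
  return auditRange(deps.axios, PATCHED);
}

console.log(auditAxios(dependencies));        // current declaration
console.log(auditRange('^0.18.0', PATCHED));  // reaches the fix, still allows 0.18.0
console.log(auditRange('^0.18.1', PATCHED));  // only patched versions
```
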