swagger-tools

Vulnerability in dicer package

Open TheBrockEllis opened this issue 2 years ago • 1 comments

According to NPM audit, the dicer package has been marked with a high vulnerability. Swagger-tools is impacted by this vulnerability by way of this path: swagger-tools > multer > busboy > dicer

CVE link: https://github.com/advisories/GHSA-wm7h-9275-46v2

The multer team has just recently updated their 1.x branch to include a fix in a backwards compatible way. The branch can be found here.

Is there any chance that swagger-tools could be updated to use v1.4.5-lts.1 of multer? Would be willing to put together the PR if desirable.

TheBrockEllis, Aug 03 '22 14:08
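
The path reported in the issue above (swagger-tools > multer > busboy > dicer) can be confirmed from a project's own lockfile. The following is an added example, not part of the original issue or of swagger-tools: it assumes a `package-lock.json` with lockfileVersion 2 or 3 (the `packages` map), and the function names `resolve` and `findPaths`, the sample lockfile and its placeholder versions are all constructed for illustration.

```javascript
// Added example: trace how a package reaches the install tree (npm lockfile v2/v3).
// For a real project, pass JSON.parse(<contents of package-lock.json>) to findPaths.

// Resolve `name` as required from the package at `fromPath`, the way Node does:
// nearest node_modules first, then each enclosing one up to the project root.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. a skipped optional dependency)
    const i = base.lastIndexOf("node_modules/");
    base = i <= 0 ? "" : base.slice(0, i - 1);
  }
}

// Return every dependency chain from the project root to `target`.
function findPaths(lock, target) {
  const packages = lock.packages || {};
  const results = [];
  const visit = (path, chain, onStack) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
                   ...(path === "" ? pkg.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const hit = resolve(packages, path, name);
      if (!hit || onStack.has(hit)) continue; // missing, or a dependency cycle
      const next = [...chain, `${name}@${packages[hit].version}`];
      if (name === target) { results.push(next.join(" > ")); continue; }
      onStack.add(hit);
      visit(hit, next, onStack);
      onStack.delete(hit);
    }
  };
  if (packages[""]) visit("", [], new Set([""]));
  return results;
}

// Constructed sample lockfile; the versions are placeholders, not real releases.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "sample-app", dependencies: { "swagger-tools": "*" } },
  "node_modules/swagger-tools": { version: "0.0.0-sample", dependencies: { multer: "*" } },
  "node_modules/multer": { version: "0.0.0-sample", dependencies: { busboy: "*" } },
  "node_modules/busboy": { version: "0.0.0-sample", dependencies: { dicer: "*" } },
  "node_modules/dicer": { version: "0.0.0-sample" },
} };

console.log(findPaths(SAMPLE_LOCK, "dicer"));
```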

Any updates on this?

leachjustin18, Aug 15 '22 15:08