apollo-server-express dependency on body-parser <1.20.3 (CVE-2024-45590)

Open JasonKleban opened this issue 4 months ago • 0 comments

Issue Description

apollo-server-express dependency on body-parser <1.20.3 (CVE-2024-45590)

The package "apollo-server-express" seems to lead to this repo, though it is not instantly obvious if this is correct. Anyway, there's a vulnerability in the supposed dependency body-parser, which should be upgraded to at least v1.20.3.

Link to Reproduction

CVE-2024-45590

Reproduction Steps

apollo-server-express dependency on body-parser <1.20.3 (CVE-2024-45590)

JasonKleban, Sep 25 '24 17:09
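
A lockfile check for the condition this issue reports, as an added example (not part of the original issue and not Apollo's code): it scans the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3) for installed copies of body-parser below 1.20.3 and lists the packages that declare it. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: find body-parser installs older than 1.20.3 in a lockfile.
const FIXED = [1, 20, 3]; // minimum version named in the issue

// Parse "major.minor.patch"; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1, 4).map(Number) : null;
}

function isBelow(version, floor) {
  const v = parseVersion(version);
  if (!v) return true; // unparseable version: flag it for manual review
  for (let i = 0; i < 3; i++) {
    if (v[i] !== floor[i]) return v[i] < floor[i];
  }
  return false; // equal to the floor
}

// Returns one finding per installed copy below the floor. `declaredBy` lists
// every package that declares body-parser as a dependency; it is a hint for
// what to upgrade, not a full resolution of which copy each package loads.
function findVulnerableBodyParser(lock) {
  const packages = lock.packages || {};
  const declaredBy = Object.entries(packages)
    .filter(([, m]) => m.dependencies && "body-parser" in m.dependencies)
    .map(([p]) => p.split("node_modules/").pop() || "(root)");
  return Object.entries(packages)
    .filter(([p]) => p.endsWith("node_modules/body-parser"))
    .filter(([, m]) => isBelow(m.version, FIXED))
    .map(([path, m]) => ({ path, version: m.version, declaredBy }));
}

// Constructed sample lockfile (versions are illustrative, not from the issue).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "apollo-server-express": "^3.0.0" } },
    "node_modules/apollo-server-express": {
      version: "3.0.0", dependencies: { "body-parser": "^1.19.0" } },
    "node_modules/body-parser": { version: "1.20.2" },
    "node_modules/express": {
      version: "4.0.0", dependencies: { "body-parser": "1.20.3" } },
    "node_modules/express/node_modules/body-parser": { version: "1.20.3" },
  },
};

console.log(JSON.stringify(findVulnerableBodyParser(sampleLock), null, 2));
```

If a parent package has not released an update, npm's `overrides` field in `package.json` can force body-parser to 1.20.3 or later.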