
Found CVE-2022-29622 in one of your dependent libraries - superagent

Open Dipenduroy opened this issue 2 years ago • 2 comments

Dipenduroy • May 27 '22 11:05

Please file a request or submit a PR in formidable for the vulnerability fix to be backported to the v2.x tag of formidable, the non-ESM version, as it should be backported for community CJS support.

Ref:

  • https://github.com/node-formidable/formidable/commit/81dd350835e14dccca667fc46bc5c35f16f1b5ec
  • https://github.com/visionmedia/superagent/pull/1724
  • https://github.com/visionmedia/supertest/issues/780
  • https://github.com/visionmedia/superagent/issues/1725

titanism • Jun 01 '22 05:06

Hello, we found a security issue, CVE-2022-29622, which is blocking our product release. Could you please provide an updated version of superagent which will support formidable 3.2.4? Thanks a lot!

YolandaZhang369369 • Aug 26 '22 12:08

Hello, we found a security issue, CVE-2022-29622, which is blocking our product release. Could you please provide an updated version of superagent which will support formidable 3.2.4? Thanks a lot!

YolandaZhang369369 • Sep 29 '22 03:09

@titanism, could you please review our urgent request above and share your fixing plan? Thanks!

YolandaZhang369369 • Sep 29 '22 03:09

This is not an issue. If you read the CVE you will see that they lowered the severity and it's a non-issue. Please stop opening issues and spamming.

titanism • Sep 29 '22 03:09