opsgenie-nodejs-sdk

requestretry vulnerability

Open chrisleekr opened this issue 2 years ago • 2 comments

The requestretry v1.13.0 has a cookie exposure vulnerability.

To reproduce:

$ npm audit

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Cookie exposure in requestretry                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ requestretry                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=7.0.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ opsgenie-sdk                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ opsgenie-sdk > requestretry                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-hjp8-2cm3-cc45            │
└───────────────┴──────────────────────────────────────────────────────────────┘

Environment:

  • Node version: 14.19.0
  • opsgenie-sdk: 1.13.0

Would you be able to update requestretry to 7.0.0?

chrisleekr • Mar 02 '22 13:03