sendgrid-nodejs

Server-Side Request Forgery in axios - version update needed

Open Lexiel46 opened this issue 1 year ago • 2 comments

The npm package axios, versions 1.3.2 to 1.7.3, has been reported to have a high-severity vulnerability - Server-Side Request Forgery.

sendgrid-client is currently configured with axios 1.6.8.

To avoid using vulnerable versions of axios, I suggest updating axios to the latest version, 1.7.4.

Lexiel46, Aug 18 '24 23:08

Same issue here, flagged by Mend during the build process

CVE-2024-39338

malee1975, Aug 19 '24 09:08

Adding to the comments here, also pointing out that this is required as a High-security vulnerability in Snyk.io:

https://security.snyk.io/vuln/SNYK-JS-AXIOS-7361793

treyreynolds, Sep 19 '24 16:09