axios version update #8
Comments
Open
|
저도 본 이슈의 대응을 부탁드립니다. 현재 본 패키지가 사용중인 follow-redirects, axios 패키지에 보안 이슈가 있는 것으로 보입니다. GHSA-4w2v-q235-vp99 yarn audit은 follow-redirects >=1.14.8, axios >=0.21.2 를 사용할 것을 권고하고 있습니다. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
`# npm audit report
axios <=0.21.1
Severity: high
Incorrect Comparison in axios - GHSA-cph5-m8f7-6c5x
Server-Side Request Forgery in Axios - GHSA-4w2v-q235-vp99
Depends on vulnerable versions of follow-redirects
No fix available
node_modules/iamport-rest-client-nodejs/node_modules/axios
iamport-rest-client-nodejs *
Depends on vulnerable versions of axios
node_modules/iamport-rest-client-nodejs
follow-redirects <=1.14.7
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - GHSA-74fj-2j2h-c42q
No fix available
node_modules/iamport-rest-client-nodejs/node_modules/follow-redirects
axios <=0.21.1
Depends on vulnerable versions of follow-redirects
node_modules/iamport-rest-client-nodejs/node_modules/axios
iamport-rest-client-nodejs *
Depends on vulnerable versions of axios
node_modules/iamport-rest-client-nodejs
3 high severity vulnerabilities
`
The text was updated successfully, but these errors were encountered: