Vulnerability CVE-2017-18589 Found in Cookies-next
castafab opened this issue · comments
There is any prediction to a patch that fix this High level vulnerability?
Same question
Can provide more information?
The command npm audit
doesn't give any information about it
That vulnerability was identified using the grype vulnerability scanner.
https://nvd.nist.gov/vuln/detail/CVE-2017-18589
Any news about this issue? the vulnerability was fixed in version 0.7.6 from Cookies(GHSA-vjrq-cg9x-rfjp), Do you have any prediction to update the cookies version in your dependencies?
I'm not sure if this refers to the cookie package on JS.
Your link is about cookies on rust
The Vulnerabilities scan GRYPE identified that as a vulnerability from your dependency, I assume because you use cookies dependency in your project.
In this case I do believe, the vulnerability scanner you are using is at fault. It found the "cookies" word on the package.json and made a look up on a table, where it found a match, but it neglected the fact that, the vulnerable package is a Rust crate.
In this case I do believe, the vulnerability scanner you are using is at fault. It found the "cookies" word on the package.json and made a look up on a table, where it found a match, but it neglected the fact that, the vulnerable package is a Rust crate.
I completely agree