microsoft / playwright-dotnet

.NET version of the Playwright testing and automation library.

Home Page: https://playwright.dev/dotnet/

[Bug]: NuGet package includes nodejs 20.11.0 which is included in CVE-2024-27983

brettski opened this issue

Version

1.43.0

Steps to reproduce

microsoft.playwright.1.43.0 (and some earlier versions) includes a Nodejs executable version 20.11.0.
This file is flagged by scanners (e.g., JFrog) with a High vulnerability due to CVE-2024-27983.
This stops the package from being downloaded within these platforms and in environments where packages are scanned prior to their use.

Expected behavior

It is expected that included Nodejs executables are not flagged as having a security vulnerability.

Actual behavior

Vulnerable included Nodejs executables are flagged as a high-security vulnerability.

Additional context

No response

Environment

- Operating System: Windows, Linux
- CPU: [arm64]
- .NET Version (TFM): [net8.0]

I'll close it, since this gets fixed in 1.44.0 which we'll release shortly.