Upgrade axios to 1.6.3 SNYK-JS-AXIOS-6124857
helzahalim opened this issue · comments
Snyk vulnerability SNYK-JS-AXIOS-6124857
Affected versions of Axios of this package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker can deplete system resources by providing a manipulated string as input to the format method, causing the regular expression to exhibit a time complexity of O(n^2). This makes the server unable to provide normal service due to the excessive cost and time wasted in processing vulnerable regular expressions.
Packages:
Select all that apply:
- @slack/web-api
- @slack/rtm-api
- @slack/webhooks
- @slack/oauth
- @slack/socket-mode
- @slack/types
- I don't know
Requirements
Please read the Contributing guidelines and Code of Conduct before creating this issue or pull request. By submitting, you are agreeing to those rules.
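An added example, not code from the issue or from the Slack SDK: a small lockfile check that lists every axios install (including nested copies under other packages) older than 1.6.3, the fix version named in this issue's title. It assumes a package-lock.json with a lockfileVersion 2/3 `packages` map; the sample lockfile is constructed here.

```javascript
// Added example (not from the issue or the Slack SDK): scan a package-lock.json
// "packages" map (lockfileVersion 2/3) for axios installs below 1.6.3, the
// fix version for SNYK-JS-AXIOS-6124857. Plain Node, no dependencies.

const FIXED_VERSION = '1.6.3';

// Compare two "x.y.z" version strings numerically. Prerelease suffixes are
// dropped (assumption: release versions are what a lockfile records).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const da = pa[i] || 0;
    const db = pb[i] || 0;
    if (da !== db) return da < db ? -1 : 1;
  }
  return 0;
}

// Return every lockfile path whose axios version is older than FIXED_VERSION.
// Nested paths such as node_modules/<pkg>/node_modules/axios are included,
// because a transitive copy is just as reachable as the top-level one.
function findVulnerableAxios(lockfile) {
  const packages = lockfile.packages || {};
  const hits = [];
  for (const [path, entry] of Object.entries(packages)) {
    if (!path.endsWith('node_modules/axios') || !entry.version) continue;
    if (compareVersions(entry.version, FIXED_VERSION) < 0) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: a patched top-level axios plus an older nested
// copy pulled in by a hypothetical @slack/web-api install.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    'node_modules/axios': { version: '1.6.3' },
    'node_modules/@slack/web-api': { version: '6.11.0' },
    'node_modules/@slack/web-api/node_modules/axios': { version: '1.6.2' },
  },
};

for (const h of findVulnerableAxios(SAMPLE_LOCK)) {
  console.log(`${h.path}: axios ${h.version} is older than ${FIXED_VERSION}`);
}
```

Replace SAMPLE_LOCK with the parsed contents of a real package-lock.json to run it against a project.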
Hi, @helzahalim! thanks for flagging this! 🙌
I have opened a PR to upgrade web-api's Axios version here: #1710
Feel free to take a look! I will also keep an eye on the PR to make sure all the tests pass for web-api with the version upgrade.
Thanks a lot @hello-ashleyintech !
This has been released in web-api@6.11.1.