CVE on path-to-regex
L4ngu0r opened this issue · 8 comments
L4ngu0r commented
Hello, our audit reported a CVE on path-to-regexp, can you update this dep? Is it known on your side?
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ high │ path-to-regexp outputs backtracking regular │
│ │ expressions │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package │ path-to-regexp │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <0.1.10 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions │ >=0.1.10 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths │ apps/front > dd-trace@5.17.0 > path-to-regexp@0.1.7 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info │ https://github.com/advisories/GHSA-9wv6-86v2-598j │
└─────────────────────┴────────────────────────────────────────────────────────┘
BellaMay95 commented
Following. Looks like the version got bumped here just a little while ago so hopefully the new version gets released here soon. :)
LucasHaddad commented
Is it being released soon? Anything we can help with in this matter?
thiagoribeir015 commented
Hi, any updates on a release here @L4ngu0r? 🙇🏻
L4ngu0r commented
@thiagoribeir015 I'm not a maintainer here :-) just a user waiting for them to push a new release
JasonKleban commented
bump
tlhunter commented
This should be available in v5.23.0 and v4.47.0. Is anyone here still having an issue?
L4ngu0r commented
Fixed on our side with v5.23.0, thanks 🙏