Issue on a dependency - CVE-2023-37466 & CVE-2023-37903

Question

Issue on a dependency - CVE-2023-37466 & CVE-2023-37903

Closed this issue 9 months ago · 2 comments

Hi,

Good day.
Just wanted to inform that we encountered a security issue on one of proxy-agent dependency for its version 5.0.0:

Dependency: vm2
Version: 3.9.19

It is raised under this CVE ID: CVE-2023-37466 & CVE-2023-37903

If this was already discussed and resolution was already delivered. Let us know.
Thank you.

Answer 1 · 2023-12-12T18:35:55.000Z

This issue was already fixed in #224.

Answer 2 · 2023-12-28T07:12:58.000Z

Hi @TooTallNate , thank you for the response. Yes, we concluded that we are not using the version with that commit. We will update the package to include this. Thank you again!