CVE-2021-23406 in pac-resolver
atif1996 opened this issue · 1 comment
atif1996 commented
We are getting alerts because the pac-resolver NPM package used by the project needs to be upgraded to mitigate a CVE. Please see details below:
Vulnerability Description
The library pac-resolver version 4.2.0 was detected in NPM library manager located at /app/package-lock.json and is vulnerable to CVE-2021-23406, which exists in versions < 5.0.0.
The vulnerability was found in the GitHub Security Advisory with vendor severity: High (NVD severity: Critical).
The vulnerability can be remediated by updating the library to version 5.0.0 or higher, using npm update pac-resolver.
Flydiverny commented
pac-resolver was bumped in 8.3.1
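To confirm the alert is cleared after upgrading, every installed copy of pac-resolver in package-lock.json can be checked against the fixed version 5.0.0. The script below is an added example, not code from this project or from the thread; the function names, the sample lockfiles and the parent package name `parent-a` are constructed for illustration.

```javascript
const FIXED = [5, 0, 0]; // fixed version named in the issue

// True when version string v is older than FIXED (pre-releases of FIXED count as older).
function isVulnerable(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?/.exec(String(v));
  if (!m) return true; // unparseable version: flag for manual review
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return Boolean(m[4]);
}

// Collect every installed copy of `name` from a parsed package-lock.json.
function findInstalls(lock, name) {
  const hits = [];
  if (lock.packages) { // lockfileVersion 2 and 3: flat map keyed by install path
    for (const [path, info] of Object.entries(lock.packages)) {
      if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
        hits.push({ path, version: info.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => { // lockfileVersion 1: nested "dependencies"
    for (const [dep, info] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${dep}`;
      if (dep === name) hits.push({ path, version: info.version });
      walk(info.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Return only the pac-resolver installs that are still below the fixed version.
function audit(lock) {
  return findInstalls(lock, 'pac-resolver').filter((h) => isVulnerable(h.version));
}

// Constructed sample lockfiles: a patched top-level copy plus a nested 4.2.0 copy.
const lockV1 = { lockfileVersion: 1, dependencies: {
  'parent-a': { version: '1.0.0', dependencies: { 'pac-resolver': { version: '4.2.0' } } },
  'pac-resolver': { version: '5.0.0' } } };
const lockV3 = { lockfileVersion: 3, packages: {
  '': { name: 'app' },
  'node_modules/pac-resolver': { version: '5.0.1' },
  'node_modules/parent-a/node_modules/pac-resolver': { version: '4.2.0' } } };

console.log(audit(lockV1), audit(lockV3));
```

Both samples report the nested 4.2.0 copy even though a patched copy sits at the top level, which is the case a scanner will keep alerting on.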