external-secrets/kubernetes-external-secrets

CVE-2021-23406 in pac-resolver

atif1996 opened this issue · 1 comment

We are getting alerts because the pac-resolver NPM package used by the project needs to be upgraded to mitigate a CVE. Please see details below:

Vulnerability Description
The library pac-resolver version 4.2.0 was detected in NPM library manager located at /app/package-lock.json and is vulnerable to CVE-2021-23406, which exists in versions < 5.0.0.
The vulnerability was found in the GitHub Security Advisory with vendor severity: High (NVD severity: Critical).
The vulnerability can be remediated by updating the library to version 5.0.0 or higher, using npm update pac-resolver.

Link: https://nvd.nist.gov/vuln/detail/CVE-2021-23406

pac-resolver was bumped in 8.3.1
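
To confirm that a given build no longer resolves pac-resolver below 5.0.0, the lockfile can be checked directly. The following is an added example, not code from this project or from the thread: it lists every resolved copy of a package in a package-lock.json (lockfileVersion 1, 2 or 3) and flags those below the fixed version. The function names and the sample lockfiles are constructed for illustration; only the package name and the versions 4.2.0 and 5.0.0 come from the issue.

```javascript
// Parse "MAJOR.MINOR.PATCH" into numbers; returns null if it does not parse.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version a sorts before release b. Unparseable versions are
// reported rather than silently passed.
function isBelow(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  if (!x || !y) return true;
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i];
  return /^\d+\.\d+\.\d+-/.test(a); // same core: a prerelease precedes the release
}

// Every resolved copy of `name`, including nested transitive ones.
function findInstances(lock, name) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by node_modules path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      hits.push({ path, version: meta.version });
    }
  }
  if (hits.length) return hits; // v2 also carries the legacy tree; do not double count
  // lockfileVersion 1: recursive "dependencies" tree.
  (function walk(deps, trail) {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = trail.concat(dep);
      if (dep === name) hits.push({ path: path.join(' > '), version: meta.version });
      walk(meta.dependencies, path);
    }
  })(lock.dependencies, []);
  return hits;
}

function vulnerableInstances(lock, name, fixedIn) {
  return findInstances(lock, name).filter((h) => isBelow(h.version, fixedIn));
}

// Constructed sample lockfiles (not the project's real dependency tree).
const LOCK_V1 = { lockfileVersion: 1, dependencies: { 'example-parent': {
  version: '1.0.0', dependencies: { 'pac-resolver': { version: '4.2.0' } } } } };
const LOCK_V2 = { lockfileVersion: 2, packages: {
  '': { name: 'app' },
  'node_modules/example-parent': { version: '1.0.0' },
  'node_modules/example-parent/node_modules/pac-resolver': { version: '5.0.0' } } };

console.log(vulnerableInstances(LOCK_V1, 'pac-resolver', '5.0.0'));
console.log(vulnerableInstances(LOCK_V2, 'pac-resolver', '5.0.0'));
```

To run it against a real file, pass the parsed contents of package-lock.json in place of the sample objects; a non-empty result means at least one parent still pins a vulnerable copy.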