ibmdb/node-ibm_db

Update Axios

huineng opened this issue · 1 comments

Could you please update axios to a newer version, e.g. 1.6.1?
The version you have as a dependency, 1.5.0, is vulnerable.

ID              SEVERITY  DESCRIPTION
CVE-2023-45857  high      An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies
                           by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers
                           to view sensitive information.

Thanks

@huineng It is already fixed by PR #964 and will be available as part of the next release. We are trying to release a new version of ibm_db with updated axios in 2-3 days. Thanks.