CVE-2024-45296: path-to-regexp update needed

Question

CVE-2024-45296: path-to-regexp update needed

steuraa opened this issue 4 months ago · 2 comments

steuraa commented 4 months ago

Scope

Improves an existing behavior

Compatibility

This is a breaking change

Feature description

Hello, currently we can't build our application anymore due to MSW having the path-to-regexp package as a dependency which is causing a CVE warning.
See https://nvd.nist.gov/vuln/detail/CVE-2024-45296.
Is there any change this could be quickly patched?

Answer 1 · 2024-09-11T14:19:23.000Z

pillarjs/path-to-regexp#323

Answer 2 · 2024-09-11T14:46:56.000Z

Closing this as it's a duplicate of #2270