node-modules/urllib

Can this still be fixed? v2.41.0 has a high severity vulnerability

jusfeel opened this issue · 1 comments

I have no control over the source code, so just want to ask in case this version is still maintained.

https://github.com/node-modules/urllib/releases/tag/2.41.0

```
ip  <=1.1.8
Severity: high
NPM IP package vulnerable to Server-Side Request Forgery (SSRF) attacks - https://github.com/advisories/GHSA-78xj-cgh5-2h22
fix available via `npm audit fix`
node_modules/urllib/node_modules/ip
  urllib  2.27.0 - 3.0.0-alpha.1
  Depends on vulnerable versions of ip
  node_modules/urllib

2 high severity vulnerabilities
```

node 20.11.0
npm 10.2.4

Please upgrade to use urllib@3