Can this still be fixed? v2.41.0 has a high severity vulnerability
jusfeel opened this issue · 1 comment
jusfeel commented
I have no control over the source code, so just want to ask in case this version is still maintained.
https://github.com/node-modules/urllib/releases/tag/2.41.0
ip <=1.1.8
Severity: high
NPM IP package vulnerable to Server-Side Request Forgery (SSRF) attacks - https://github.com/advisories/GHSA-78xj-cgh5-2h22
fix available via `npm audit fix`
node_modules/urllib/node_modules/ip
urllib 2.27.0 - 3.0.0-alpha.1
Depends on vulnerable versions of ip
node_modules/urllib
2 high severity vulnerabilities
node 20.11.0
npm 10.2.4
fengmk2 commented
Please upgrade to use urllib@3