Amplify-js: @aws-amplify/api has a vulnerable dependency, Axios:0.17.0

Created on 4 Jun 2019 · 2 Comments · Source: aws-amplify/amplify-js

@aws-amplify/api current version has a vulnerable dependency Axios: 0.17.0

Vulnerable versions: <= 0.18.0
Patched version: 0.19.0

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accept content after maxContentLength is exceeded.

Upgrading to 0.19.0 fixes the issue.

All 2 comments

Hey @mrcoles, we bumped the axios version in this PR:
https://github.com/aws-amplify/amplify-js/pull/3377

It will be published to npm latest soon. Thanks for the heads up.

@jordanranz how do we get this update?
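
Added example, not code from the issue or from the Amplify project: one way to check whether a project's `package-lock.json` still pins an axios release in the vulnerable range given above (anything below 0.19.0), including copies nested under `@aws-amplify/api`. The function names and the sample lockfile are constructed for illustration, and pre-release tags are ignored when comparing versions.

```javascript
const PATCHED = [0, 19, 0]; // patched version stated in the issue

// True when "x.y.z" is lower than PATCHED. Assumption: pre-release tags are ignored.
function isVulnerable(version) {
  if (typeof version !== "string") return false;
  const parts = version.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const a = parts[i] || 0;
    if (a !== PATCHED[i]) return a < PATCHED[i];
  }
  return false; // equal to the patched version
}

// lockfileVersion 1: dependencies are nested, so recurse and record the chain.
function walkV1(deps, chain, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const here = chain.concat(name);
    if (name === "axios" && isVulnerable(info.version)) {
      hits.push({ path: here.join(" > "), version: info.version });
    }
    walkV1(info.dependencies, here, hits);
  }
}

// Returns [{ path, version }] for every vulnerable axios install in a parsed lockfile.
function findVulnerableAxios(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path
    for (const [key, info] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/axios$/.test(key) && isVulnerable(info.version)) {
        hits.push({ path: key, version: info.version });
      }
    }
  } else {
    walkV1(lock.dependencies, [], hits);
  }
  return hits;
}

// Constructed sample lockfile (not taken from the issue).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "@aws-amplify/api": { version: "0.0.0-sample", dependencies: { axios: { version: "0.17.0" } } },
    axios: { version: "0.19.0" },
  },
};
console.log(findVulnerableAxios(sampleLock));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` instead of `sampleLock`.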
