Axios-module: High vulnerability - Denial of Service

Created on 17 May 2020  路  4Comments  路  Source: nuxt-community/axios-module


npm audit security report for axios module

version: 5.10.3
path: @nuxtjs/axios > @nuxtjs/proxy > http-proxy-middleware > http-proxy


Screenshot from 2020-05-17 07-15-26

Most helpful comment

v5.11.0 released with @nuxtjs/proxy@2

All 4 comments

Hi @artmarydotir thanks for reporting :green_heart: I'm going to update both proxy and axios modules however according to the advisory#1486, it is not effective on the way we use middleware:

This is only possible when the proxy server sets headers in the proxy request using the proxyReq.setHeader function.

Update: Also locally tried and it is not stopping server.

understood if this does not directly impact the software. however some of us are using vulnerability scanning software in company repos and this still gets flagged as a HIGH... which is a problem for us because... build systems.

any chance you could accelerate a release for this dep?

willing to PR the dep bump into the repo if desired @pi0 thx! :)

v5.11.0 released with @nuxtjs/proxy@2

隆gracias se帽or!

Was this page helpful?
0 / 5 - 0 ratings

Related issues

cawa-93 picture cawa-93  路  4Comments

mclighter picture mclighter  路  3Comments

seanwash picture seanwash  路  6Comments

kaboume picture kaboume  路  4Comments

lsbyerley picture lsbyerley  路  4Comments