Library version: 3.0.4
Node.js version: 18.3.0
Describe the bug
I’ve noticed that the graphdb.js package has dependency vulnerabilities due to outdated versions of axios and ip. These issues were identified during an npm audit. Below are the details:
Axios Vulnerability
Issue: Cross-Site Request Forgery (CSRF).
Affected Versions: 0.8.1 - 0.27.2.
Reference: GHSA-wf5p-g6vw-rhxx.
Impact: Moderate.
Issue: Server-Side Request Forgery (SSRF) in isPublic.
Affected Versions: All.
Reference: GHSA-2p57-rm9w-gvfp.
Impact: High.
To Reproduce
Install the latest version of graphdb.js (3.0.4).
Run npm audit or npm install.
Observe the reported vulnerabilities related to axios and ip.
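An added example, not part of the original report or the graphdb.js project: a small triage script for the `npm audit --json` output (auditReportVersion 2) that separates packages carrying their own advisory from packages flagged only through a dependency, and names the direct dependency that pulls each one in. The sample report is constructed; the package name `graphdb`, the `*` range for ip and the dependency layout are assumptions.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2).
// GHSA ids, severities and the axios range are from the report above; the
// package name "graphdb", the ip range "*" and the tree layout are assumptions.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    axios: {
      severity: "moderate", isDirect: false, effects: ["graphdb"],
      via: [{ title: "Cross-Site Request Forgery (CSRF)", range: "0.8.1 - 0.27.2",
              url: "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx" }],
    },
    ip: {
      severity: "high", isDirect: false, effects: ["graphdb"],
      via: [{ title: "Server-Side Request Forgery (SSRF) in isPublic", range: "*",
              url: "https://github.com/advisories/GHSA-2p57-rm9w-gvfp" }],
    },
    // Flagged only because of its dependencies: `via` holds package names.
    graphdb: { severity: "high", isDirect: true, effects: [], via: ["axios", "ip"] },
  },
};

// Walk `effects` upward until reaching packages listed in package.json.
function directRoots(vulns, name, seen = new Set()) {
  if (seen.has(name) || !vulns[name]) return [];
  seen.add(name);
  const roots = vulns[name].isDirect ? [name] : [];
  for (const p of vulns[name].effects || []) roots.push(...directRoots(vulns, p, seen));
  return roots;
}

// One row per package that has its own advisory, most severe first.
function triage(report) {
  const vulns = report.vulnerabilities || {};
  const rank = { critical: 0, high: 1, moderate: 2, low: 3, info: 4 };
  const rows = [];
  for (const [name, entry] of Object.entries(vulns)) {
    const own = (entry.via || []).filter((v) => typeof v === "object");
    if (own.length === 0) continue; // only inherits findings from dependencies
    rows.push({
      package: name,
      severity: entry.severity,
      ghsa: own.map((a) => a.url.split("/").pop()),
      ranges: own.map((a) => a.range),
      introducedBy: directRoots(vulns, name).sort(),
    });
  }
  return rows.sort((a, b) => rank[a.severity] - rank[b.severity]);
}

console.log(JSON.stringify(triage(sampleReport), null, 2));
```

To run it against a real project, replace `sampleReport` with the parsed output of `npm audit --json`.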