New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GHSA-cggh-pq45-6h9x (llhttp) found on v18.x #143

Open

github-actions bot opened this issue Aug 4, 2023 · 7 comments

Labels

v18.x

github-actions bot commented Aug 4, 2023

A new vulnerability for llhttp 6.0.11 was found:
Vulnerability ID: GHSA-cggh-pq45-6h9x
Vulnerability URL: GHSA-cggh-pq45-6h9x
Failed run: https://github.com/nodejs/nodejs-dependency-vuln-assessments/actions/runs/5756863570

github-actions bot added the v18.x label

Member

mcollina commented Aug 4, 2023

@ShogunPanda I thought we backported this.

ShogunPanda commented Aug 4, 2023

AFAIK we did. @RafaelGSS?

Member

RafaelGSS commented Aug 4, 2023

Member

mhdawson commented Oct 23, 2023

@RafaelGSS what is the conclusion of this one. Has it been addressed or is there more work to be done.

Member

RafaelGSS commented Oct 23, 2023

IIRC the advisory was created using an incorrect version. It was backported.

Member

mhdawson commented Mar 18, 2024

@RafaelGSS should we mark this as a don't believe it affects Node.js or something else?

Member

RafaelGSS commented Mar 19, 2024

At this point, I think we should flag it as don't believe it affects Node.js and close it. Yes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment