Critical dependency error during install: formidable <3.2.4 #1296

stephfoxy opened this issue Apr 24, 2024 · 0 comments

@stephfoxy

On install via npm I got a critical vulnerability for formidable <3.2.4

Error msg:

```
formidable <3.2.4
Severity: critical
Formidable arbitrary file upload - GHSA-8cp3-66vr-3r4c
No fix available
node_modules/formidable
superagent 0.4.0 - 8.1.2
Depends on vulnerable versions of formidable
node_modules/superagent
supertest *
Depends on vulnerable versions of superagent
node_modules/supertest
```

Looks like the team maintaining Formidable don't agree with the vulnerability rating and are trying to get it reviewed, but the current flagging may present issues for others trying to install also.
