SNOW-963939: Axios open CVE - CVE-2023-45857 #691
Comments
github-actions
bot
changed the title
|
hi and thank you for raising this issue with us and keeping an open eye for security vulnerabilities ! we aim to address those on priority and that's why axios is already bumped to 1.6.0 which is a fixed version per https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459:
axios 1.6.0 dependency bump will be released with the pending October release, in the very near future (days) |
sfc-gh-dszmolka
added
security vulnerability
|
Hi @sfc-gh-dszmolka, do you have any updates about the October release? Thanks |
|
unfortunately no and what information i do have, don't want to create expectations which we might not be able to meet. what i can promise that once the release is out, I'll update this issue (and of course it'll be also visible on this repo so automated tracking will show it, Watch > Custom > Releases) thank you everyone for bearing with us while this gets released ! |
|
node.js driver version 1.9.1 released with the fix and is available on npm. thank you all for bearing with us ! |
Please answer these questions before submitting your issue.
In order to accurately debug the issue this information is required. Thanks!
What version of NodeJS driver are you using?
1.9.0
What operating system and processor architecture are you using?
Linux
What version of NodeJS are you using?
20
there is a CVE open for axios 1.6.0 that should be patched within this library:
https://www.cve.org/CVERecord?id=CVE-2023-45857
Snyk Report: https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
The text was updated successfully, but these errors were encountered: