Axios (serverless dependency) high priority CSRF vulnerability, upgrade to 1.6.0 #12230

jnovek · 2023-10-31T13:15:33Z

jnovek
Oct 31, 2023

The axios package which is used by serverless/platform-client had a high-priority CSRF vulnerability flagged by snyk this morning. Here's the snyk report:

https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Looks like the CVE is still a WIP.

Is this repo the appropriate place to report this issue or is there a separate issue board for platform-client?

filbertasurion · 2023-11-22T09:25:46Z

filbertasurion
Nov 22, 2023

Any updates on this?

0 replies

jnovek · 2023-11-22T13:28:56Z

jnovek
Nov 22, 2023
Author

Yup! Here's the ticket --

#12232

Resolved in 3.37.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Axios (serverless dependency) high priority CSRF vulnerability, upgrade to 1.6.0 #12230

{{title}}

Replies: 2 comments

{{title}}

{{title}}

Select a reply

Axios (serverless dependency) high priority CSRF vulnerability, upgrade to 1.6.0 #12230

jnovek Oct 31, 2023

Replies: 2 comments

filbertasurion Nov 22, 2023

jnovek Nov 22, 2023 Author

jnovek
Oct 31, 2023

filbertasurion
Nov 22, 2023

jnovek
Nov 22, 2023
Author