This repository has been archived by the owner on Apr 11, 2023. It is now read-only.

Upgrade Libraries to Fix Critical Vulnerabilities #457

Open
biljanaLukovic opened this issue Nov 10, 2022 · 0 comments

biljanaLukovic commented Nov 10, 2022

In: test/ui-automation/package-lock.json
Type: Insufficient validation when decoding a Socket.IO packet #113
Severity: Critical
This should be fixed by:

socketio/socket.io-parser@b5d0cb7, included in socket.io-parser@4.2.1
socketio/socket.io-parser@b559f05, included in socket.io-parser@4.0.5

Upgrade:
Vulnerability Type: ReDoS
Severity: High in /cmd/wallet-adapter-web
Library: minimatch
Vulnerable version: 3.0.4
Safe version: 3.1.2

Critical Severity Vulnerability
Type: 'mishandles witness size checking' in test/mock/adapter/go.sum
Library: github.com/btcsuite/btcd (Go) < 0.23.2
Upgrade to: 0.23.2

biljanaLukovic changed the title from "Upgrade Library to Fix Critical Vulnerability" to "Upgrade Libraries to Fix Critical Vulnerabilities" on Nov 11, 2022