Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: fixed axios vulnerability CVE-2024-28849 #1395

Merged
merged 1 commit into from
Mar 26, 2024
Merged

chore: fixed axios vulnerability CVE-2024-28849 #1395

merged 1 commit into from
Mar 26, 2024

Conversation

tiwarishubham635
Copy link
Contributor

Fixes

Axios has a dependency of follow-redirects which has a vulnerability in it. Axios has updated its packages to a version that doesn't include the vulnerability but now we need sendgrid to update Axios to match this.

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials too. This vulnerability may lead to credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Axios has updated to 1.15.6 in their most recent patch of 1.6.8 which should remedy this

Checklist

  • I acknowledge that all my contributions will be made under the project's license
  • I have made a material change to the repo (functionality, testing, spelling, grammar)
  • I have read the Contribution Guidelines and my PR follows them
  • I have titled the PR appropriately
  • I have updated my branch with the main branch
  • I have added tests that prove my fix is effective or that my feature works
  • I have added the necessary documentation about the functionality in the appropriate .md file
  • I have added inline documentation to the code I modified

If you have questions, please file a support ticket.

@tiwarishubham635 tiwarishubham635 requested a review from kridai March 25, 2024 13:01
@tiwarishubham635 tiwarishubham635 merged commit 6352a5e into main Mar 26, 2024
13 checks passed
@tiwarishubham635 tiwarishubham635 deleted the fix_axios branch March 26, 2024 06:57
@ale-sanchez-g ale-sanchez-g mentioned this pull request May 29, 2024
Merged
@ale-sanchez-g ale-sanchez-g mentioned this pull request Jun 5, 2024
Merged
@issam-seghir issam-seghir mentioned this pull request Sep 7, 2024
Open
@paaschdigital paaschdigital mentioned this pull request Sep 9, 2024
Open
This was referenced Sep 10, 2024
Open
Open
Open
Open
@issam-seghir issam-seghir mentioned this pull request Sep 19, 2024
Open
@wearrrrr wearrrrr mentioned this pull request Sep 21, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@manisha1997 manisha1997 manisha1997 approved these changes

@kridai kridai Awaiting requested review from kridai

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tiwarishubham635 @manisha1997