This repository has been archived by the owner on Sep 4, 2024. It is now read-only.

Axios Cross-Site Request Forgery Vulnerability #116

Closed
KoenRijpstra opened this issue Jan 29, 2024 · 5 comments

@KoenRijpstra

Steps to Reproduce:

  1. npm install @irys/sdk
  2. npm audit

```
# npm audit report

axios  0.8.1 - 1.5.1
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
No fix available
node_modules/aptos/node_modules/axios
  aptos  <=1.13.3
  Depends on vulnerable versions of axios
  node_modules/aptos
    @irys/sdk  *
    Depends on vulnerable versions of aptos
    node_modules/@irys/sdk
```

@JesseTheRobot
Member

Hey @KoenRijpstra, thanks for the issue - I'll be releasing a fix for this later today.

JesseTheRobot self-assigned this Feb 2, 2024

@JesseTheRobot
Member

The latest SDK version now uses the latest version of axios

@KoenRijpstra
Author

@JesseTheRobot Latest SDK version still has this error.

JesseTheRobot reopened this Feb 26, 2024

@JesseTheRobot
Member

@KoenRijpstra It would appear so - the issues are now with a few of the SDK's deps, which I will attempt to update shortly (major one is aptos, which has a PR (#120) pending which should resolve most of the problem)

@JesseTheRobot
Member

Hey @KoenRijpstra, this should be fixed now.
