#CVE-2022-37620 in 1.10.3 (html-minifier@4.0.0 dependency) #1092
Comments
It should be resolved in mailer version 1.11.0. If there are any other issues, please do not hesitate to let me know.
@juandav, this is still valid in 1.11.2:
@juandav +1. Opened a pull request. I suggest moving the mjml into optional dependencies, since it is simply just an optional adapter.
Summary
A ReDoS vulnerability has been found in html-minifier@4.0.0, which is a transitive dependency of the mailer package.
Details
Vulnerability information: https://nvd.nist.gov/vuln/detail/CVE-2022-37620
mjml package ticket: mjmlio/mjml#2802
html-minifier package ticket: kangax/html-minifier#1135
Unfortunately, the latter one doesn't seem to be maintained anymore.
Dependency tree: