Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Potential vulnerability CVE-2022-0691 due to dependency on url-parse. #747

Closed
econner opened this issue Mar 18, 2022 · 1 comment
Closed

Potential vulnerability CVE-2022-0691 due to dependency on url-parse. #747

econner opened this issue Mar 18, 2022 · 1 comment
Labels
type: security known security issue

Comments

@econner
Copy link

econner commented Mar 18, 2022

Issue Summary

Version 3.75.1 of this library (the latest) is potentially vulnerable to CVE-2022-0691 due to dependency on url-parse 1.5.6.

See https://nvd.nist.gov/vuln/detail/cve-2019-10744

The issue can be fixed by upgrading to 1.5.9.

Thanks.

Technical details:

  • twilio-node version: 3.75.1
  • node version: 14.19.0
@JenniferMah JenniferMah mentioned this issue Mar 21, 2022
Merged
@JenniferMah
Copy link
Contributor

Hi @econner! Thanks for brining this to our attention. I've opened a PR to update this dependency. This change should be included in the next release on 3/23/22.

@JenniferMah JenniferMah added type: security known security issue status: help wanted requesting help from the community labels Mar 21, 2022
@childish-sambino childish-sambino removed the status: help wanted requesting help from the community label Mar 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: security known security issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@econner @JenniferMah @childish-sambino