Vulnerable Dependency Axios

npm audit report
 
axios  <=0.30.1
Severity: high
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
Axios is vulnerable to DoS attack through lack of data size check - https://github.com/advisories/GHSA-4hjh-wcwx-xvwj
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL - https://github.com/advisories/GHSA-jr5f-v2jv-69x6
fix available via `npm audit fix --force`
Will install @domoinc/ryuu-proxy@4.0.6, which is a breaking change
node_modules/ryuu-client/node_modules/axios
node_modules/ryuu/node_modules/@domoinc/ryuu-proxy/node_modules/axios
node_modules/ryuu/node_modules/axios
  @domoinc/ryuu-proxy  4.0.6-beta-1 - 4.0.6-beta-2 || >=4.1.0-beta-1
  Depends on vulnerable versions of axios
  Depends on vulnerable versions of ryuu
  Depends on vulnerable versions of ryuu-client
  node_modules/@domoinc/ryuu-proxy
  node_modules/ryuu/node_modules/@domoinc/ryuu-proxy
    ryuu  4.0.3-alpha - 4.0.3-beta-7 || >=4.1.0
    Depends on vulnerable versions of @domoinc/ryuu-proxy
    Depends on vulnerable versions of axios
    Depends on vulnerable versions of ryuu-client
    node_modules/ryuu
  ryuu-client  4.0.5-alpha - 4.0.5-beta-1 || >=4.1.0
node_modules/ryuu-client/node_modules/axios
node_modules/ryuu/node_modules/@domoinc/ryuu-proxy/node_modules/axios
node_modules/ryuu/node_modules/axios
  @domoinc/ryuu-proxy  4.0.6-beta-1 - 4.0.6-beta-2 || >=4.1.0-beta-1
  Depends on vulnerable versions of axios
  Depends on vulnerable versions of ryuu
  Depends on vulnerable versions of ryuu-client
  node_modules/@domoinc/ryuu-proxy
  node_modules/ryuu/node_modules/@domoinc/ryuu-proxy
    ryuu  4.0.3-alpha - 4.0.3-beta-7 || >=4.1.0
    Depends on vulnerable versions of @domoinc/ryuu-proxy
    Depends on vulnerable versions of axios
    Depends on vulnerable versions of ryuu-client
    node_modules/ryuu
  ryuu-client  4.0.5-alpha - 4.0.5-beta-1 || >=4.1.0
node_modules/ryuu/node_modules/axios
  @domoinc/ryuu-proxy  4.0.6-beta-1 - 4.0.6-beta-2 || >=4.1.0-beta-1
  Depends on vulnerable versions of axios
  Depends on vulnerable versions of ryuu
  Depends on vulnerable versions of ryuu-client
  node_modules/@domoinc/ryuu-proxy
  node_modules/ryuu/node_modules/@domoinc/ryuu-proxy
    ryuu  4.0.3-alpha - 4.0.3-beta-7 || >=4.1.0
    Depends on vulnerable versions of @domoinc/ryuu-proxy
    Depends on vulnerable versions of axios
    Depends on vulnerable versions of ryuu-client
    node_modules/ryuu
  ryuu-client  4.0.5-alpha - 4.0.5-beta-1 || >=4.1.0
  Depends on vulnerable versions of axios
  Depends on vulnerable versions of ryuu
  Depends on vulnerable versions of ryuu-client
  node_modules/@domoinc/ryuu-proxy
  node_modules/ryuu/node_modules/@domoinc/ryuu-proxy
    ryuu  4.0.3-alpha - 4.0.3-beta-7 || >=4.1.0
    Depends on vulnerable versions of @domoinc/ryuu-proxy
    Depends on vulnerable versions of axios
    Depends on vulnerable versions of ryuu-client
    node_modules/ryuu
  ryuu-client  4.0.5-alpha - 4.0.5-beta-1 || >=4.1.0
  Depends on vulnerable versions of ryuu-client
  node_modules/@domoinc/ryuu-proxy
  node_modules/ryuu/node_modules/@domoinc/ryuu-proxy
    ryuu  4.0.3-alpha - 4.0.3-beta-7 || >=4.1.0
    Depends on vulnerable versions of @domoinc/ryuu-proxy
    Depends on vulnerable versions of axios
    Depends on vulnerable versions of ryuu-client
    node_modules/ryuu
  ryuu-client  4.0.5-alpha - 4.0.5-beta-1 || >=4.1.0
  node_modules/ryuu/node_modules/@domoinc/ryuu-proxy
    ryuu  4.0.3-alpha - 4.0.3-beta-7 || >=4.1.0
    Depends on vulnerable versions of @domoinc/ryuu-proxy
    Depends on vulnerable versions of axios
    Depends on vulnerable versions of ryuu-client
    node_modules/ryuu
  ryuu-client  4.0.5-alpha - 4.0.5-beta-1 || >=4.1.0
    Depends on vulnerable versions of @domoinc/ryuu-proxy
    Depends on vulnerable versions of axios
    Depends on vulnerable versions of ryuu-client
    node_modules/ryuu
  ryuu-client  4.0.5-alpha - 4.0.5-beta-1 || >=4.1.0
    Depends on vulnerable versions of axios
    Depends on vulnerable versions of ryuu-client
    node_modules/ryuu
  ryuu-client  4.0.5-alpha - 4.0.5-beta-1 || >=4.1.0
    Depends on vulnerable versions of ryuu-client
    node_modules/ryuu
  ryuu-client  4.0.5-alpha - 4.0.5-beta-1 || >=4.1.0
    node_modules/ryuu
  ryuu-client  4.0.5-alpha - 4.0.5-beta-1 || >=4.1.0
  Depends on vulnerable versions of axios
  node_modules/ryuu-client
  ryuu-client  4.0.5-alpha - 4.0.5-beta-1 || >=4.1.0
  Depends on vulnerable versions of axios
  node_modules/ryuu-client
  Depends on vulnerable versions of axios
  node_modules/ryuu-client
 
4 high severity vulnerabilities

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerable Dependency Axios #72

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Vulnerable Dependency Axios #72

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions