Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Version bump path-to-regexp #204

Open
spirrello opened this issue Jan 7, 2025 · 4 comments · May be fixed by #205
Open

Version bump path-to-regexp #204

spirrello opened this issue Jan 7, 2025 · 4 comments · May be fixed by #205
Assignees
@gastonfournier
Labels
dependencies Pull requests that update a dependency file

Comments

@spirrello
Copy link

Describe the bug

Hello,

The path-to-regexp is currently affected by CVE-2024-52798 and is listed as a high vulnerability. Could you please consider bumping the version to a newer release that is not affected? Our container image scanning is picking this up and it would be great to get this resolved so we can continue using the proxy.

Link to the vulnerability details: https://nvd.nist.gov/vuln/detail/CVE-2024-52798

Steps to reproduce the bug

Run any vulnerability scan on this repo and it will pick up the CVE.

Expected behavior

Zero vulnerabilities listed as high.

Logs, error output, etc.

No response

Screenshots

No response

Additional context

No response

Unleash version

1.4.8

Subscription type

None

Hosting type

None

SDK information (language and version)

No response
@spirrello spirrello added the bug Something isn't working label Jan 7, 2025
@gastonfournier
Copy link
Contributor

Hi, feel free to open a PR. This repo is in maintenance mode and we recommend using unleash-edge instead.

@gastonfournier gastonfournier moved this from New to For later in Issues and PRs Jan 8, 2025
@spirrello
Copy link
Author

@gastonfournier can you add me as a contributor so I open a PR? I tried to push a branch but its not working.

@gastonfournier
Copy link
Contributor

Hi @spirrello, usually you have to fork the repo and from your fork you can open a PR. Here's a detailed explanation of how to do it: https://docs.github.com/en/get-started/exploring-projects-on-github/contributing-to-a-project

@spirrello spirrello linked a pull request Jan 10, 2025 that will close this issue
Open
@spirrello
Copy link
Author

@gastonfournier Thx, I've opened #205.

@gastonfournier gastonfournier self-assigned this Jan 10, 2025
@gastonfournier gastonfournier added dependencies Pull requests that update a dependency file and removed bug Something isn't working labels Jan 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gastonfournier gastonfournier

Labels
dependencies Pull requests that update a dependency file
Projects
Issues and PRs
Status: For later
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bumped express to version 4.21.2. This was required to resolve CVE-2… spirrello/unleash-proxy
2 participants
@gastonfournier @spirrello