Axios Cross-Site Request Forgery Vulnerability

Cupid Chan

Jun 20, 2024, 1:12:49 PM
to Developer Group for CMS Blue Button API
Anyone know if this issue is reported to the Blue Button team and when it will be fixed?

# npm audit report

axios  0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
No fix available
node_modules/cms-bluebutton-sdk/node_modules/axios
  cms-bluebutton-sdk  *
  Depends on vulnerable versions of axios
  node_modules/cms-bluebutton-sdk

2 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Jillian Theil

Jun 20, 2024, 6:01:37 PM
to Developer Group for CMS Blue Button API

Hello Cupid -


We have a ticket for this that is actively in progress by our team. We will send an update when it has been deployed.


Best,

-The Blue Button 2.0 Team

Developer Group for CMS Blue Button API

Jun 26, 2024, 5:22:59 PM
to Developer Group for CMS Blue Button API
Hi Cupid, 
We have addressed these vulnerabilities by making an update in Release 1.0.2, which was deployed earlier today. 
Thank you again for bringing this to our attention.

- The Blue Button Team
