Node-v3 icon indicating copy to clipboard operation
Node-v3 copied to clipboard
verified publisher icon Flutterwave

Issue with request package and CVE

Open Yasholma opened this issue 2 years ago • 3 comments

Have you read our Code of Conduct? By filing an Issue, you are expected to comply with it, including treating everyone with respect.

Description

I have found out there is a vulnerability issue with one of your packages "request": "~2.88.2", this package however is out of date and no new updated will be done on it as stated here: https://github.com/request/request/issues/3455, please can you consider to review this package and if possible replace it from your end ?

Yasholma avatar Jul 10 '23 12:07 Yasholma

Hello @Yasholma Thanks for this! It is not a good move to report security vulnerabilities via GitHub issues. The proper way is to send a mail. Why? This issue is public. Hackers can see it and take advantage of it.

Cheers!

orimdominic avatar Jul 26 '23 14:07 orimdominic

this issue's still not fixed yet. more vulnerabilities have creeped in since then. They're 4 in number.

The flutterwave maintainers should consider using one of these alternatives

reason: the maintainers of request won't maintain it anymore as stated here

bytes-of-tsena avatar Dec 01 '23 17:12 bytes-of-tsena

if you're paranoid, you can use this instead :handshake:

winterrdog avatar Jan 05 '24 13:01 winterrdog