You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on May 30, 2024. It is now read-only.
Describe the bug
There is a security vulnerability in the async dependency. Version 7.0.0 of node-server-sdk currently has a dependency on async version 3.0.0 which is considered a high security risk according to NIST.
In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.
Updating the async dependency to version 3.2.2 resolves the security issue.
Is this a support request?
No.
Describe the bug
There is a security vulnerability in the
asyncdependency. Version7.0.0ofnode-server-sdkcurrently has a dependency onasyncversion3.0.0which is considered a high security risk according to NIST.Updating the
asyncdependency to version 3.2.2 resolves the security issue.To reproduce
N/A
Expected behavior
N/A
Logs
N/A
SDK version
N/A
Language version, developer tools
N/A
OS/platform
N/A
Additional context
https://nvd.nist.gov/vuln/detail/CVE-2021-43138