Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

High synk vulnerability. Regular Expression Denial of Service #1467

Open
vardeyk-yellow opened this issue Nov 23, 2022 · 1 comment
Open

High synk vulnerability. Regular Expression Denial of Service #1467

vardeyk-yellow opened this issue Nov 23, 2022 · 1 comment

Comments

@vardeyk-yellow
Copy link

Questions?

There's a high SYNK vulnerabilty which was introduced through kafka-node@5.0.0 > snappy@6.3.5 > prebuild-install@5.3.0 > npmlog@4.1.2 > gauge@2.7.4 > strip-ansi@3.0.1 > ansi-regex@2.1.1

Bug Report

Environment

  • Node version: v14.20.0
  • Kafka-node version:kafka-node@5.0.0
@Globant-Eduardo-Cerda
Copy link

Should be solved adding "overrides": { "snappy": "^7.0.1" } to your package.json

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vardeyk-yellow @Globant-Eduardo-Cerda