Replies: 2 comments
-
No ETA, due to #55951 (comment). |
Beta Was this translation helpful? Give feedback.
0 replies
-
This is being discussed in nodejs/nodejs-dependency-vuln-assessments#193. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
CVE ID: GHSA-3xgq-45jj-v275
Severity: High
Description: The vulnerability allows an attacker to exploit an insecure configuration or flaw in the container to gain unauthorized access, escalate privileges, or execute arbitrary code remotely.
This high severity vulnerability has been resolved in NPM and the fix to bump the version was merged 3 days ago (#55951) but there still isn't a new release with this fix so the Docker images still have this vulnerability present, which is blocking my team from releasing new code. Is there an ETA on the next release (18.20.6)?
Beta Was this translation helpful? Give feedback.
All reactions