Description
bolt-js is currently utilising axios v0.19.0 which is affected by CVE-2020-28168 (SNYK-JS-AXIOS-1038255) which is present in all versions of axios prior to v0.21.1.
Vuln was fixed in v0.21.1 - axios/axios#3410
What type of issue is this? (place an x in one of the [ ])
Requirements (place an x in each of the [ ])
Bug Report
Filling out the following details about bugs will help us solve your issue sooner.
Reproducible in:
package version: 2.5.0
node version: 15.0.1
OS version(s): MacOS 11.1
Steps to reproduce:
- Scanned via Snyk: https://app.snyk.io/test/npm/@slack/bolt/2.5.0
Expected result:
N/A
Actual result:
N/A
Attachments:
CVE Entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28168
Snyk Vuln DB: https://app.snyk.io/vuln/SNYK-JS-AXIOS-1038255
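A lockfile check for the version range named in this report, as an added example that is not part of the original issue or the bolt-js code base: it lists every resolved axios copy older than 0.21.1 in a parsed `package-lock.json`. The function names and the sample lockfile (including `demo-app` and `other-lib`) are constructed for illustration.

```javascript
// Added example (not from the bolt-js repository): list every resolved axios
// copy older than the fixed release, 0.21.1, in a parsed package-lock.json.
const FIXED = [0, 21, 1];

// Compare "x.y.z" against FIXED. A pre-release of the fixed version counts as
// older; a missing or unparseable version is flagged for manual review.
function isBelowFixed(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?/.exec(version || '');
  if (!m) return true;
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return Boolean(m[4]); // e.g. 0.21.1-beta.1 sorts before 0.21.1
}

function findVulnerableAxios(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/axios$/.test(path) && isBelowFixed(pkg.version)) {
      hits.push({ path, version: pkg.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages"
  // exists, because version 2 lockfiles carry both views of the same tree).
  const walk = (deps, trail) => {
    for (const [name, dep] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === 'axios' && isBelowFixed(dep.version)) hits.push({ path, version: dep.version });
      walk(dep.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile: one axios copy below the fix, one at the fix.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@slack/bolt': { version: '2.5.0' },
    'node_modules/axios': { version: '0.19.0' },
    'node_modules/other-lib/node_modules/axios': { version: '0.21.1' },
  },
};
console.log(findVulnerableAxios(sampleLock));
```

To run it against a real project, pass the result of `JSON.parse` on the project's `package-lock.json` to `findVulnerableAxios`.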