Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSRF bug in old AXIOS lib #3

Closed
Xotabu4 opened this issue Nov 29, 2023 · 2 comments
Closed

CSRF bug in old AXIOS lib #3

Xotabu4 opened this issue Nov 29, 2023 · 2 comments
Assignees
@simo-an
Labels
pending triage

Comments

@Xotabu4
Copy link

Xotabu4 commented Nov 29, 2023

AgoraRTC SDK version

latest

Fail Rate

100%

Link to minimal reproduction

https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Steps to reproduce

https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

What is expected?

No security issues

What is actually happening?

security issue

System Info

No response

Any additional comments?

No response
@simo-an
Copy link
Contributor

simo-an commented Dec 1, 2023

This issue was submit here: axios/axios#6022
agora-rtc-sdk-ng is using axios@0.27.2 which is not included in the vulnerability versions.

17001147411912

So there is no related security issus.

We also consider to upgrade axios to latest version at next version

@simo-an simo-an self-assigned this Dec 1, 2023
@simo-an
Copy link
Contributor

simo-an commented Mar 28, 2024

we have upgrade axios's version to 1.6.7 at agora-rtc-sdk-ng@4.20.2

@simo-an simo-an closed this as completed Mar 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@simo-an simo-an

Labels
pending triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Xotabu4 @simo-an