Issue Description
I am encountering a security vulnerability related to the ws package used within @ethersproject/providers. The specific vulnerability is a Denial of Service (DoS) that occurs when handling requests with many HTTP headers, identified by GHSA-3h5v-q93c-6h6q.
Affected Version:
ws versions: 7.0.0 - 7.5.9 (included in @ethersproject/providers)
Steps to Reproduce:
Install @ethersproject/providers which includes the ws dependency.
Run npm audit or npm audit fix.
The vulnerability in ws will be flagged.
Current Status:
The issue is still present with no fix available.
I have attempted updating the ws version manually and using resolutions, but no fix is available as @ethersproject/providers has not updated their dependencies.
Expected Behavior:
The ws dependency should be updated to a version that addresses the security vulnerability.
Additional Notes:
The vulnerability severity is marked as high.
I have reviewed the issue in detail, and no fix is available yet through npm audit fix or other standard methods.
Code Snippet
No response
Contract ABI
No response
Errors
No response
Environment
No response
Environment (Other)
No response
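A check that can be run alongside npm audit, as an added example that is not part of the original issue or of the ethers project: it walks a parsed package-lock.json and reports each installed copy of ws, which package nests it, and whether its version falls in the 7.0.0 - 7.5.9 range quoted above. The lockfileVersion 2/3 "packages" layout, the function names and the sample lockfile are assumptions made for this example; only the range quoted in the issue is checked.

```javascript
// Added example. Range quoted in the issue: ws 7.0.0 - 7.5.9 (inclusive).
const AFFECTED = { min: [7, 0, 0], max: [7, 5, 9] };

// Parse "major.minor.patch"; prerelease/build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison: a plain string compare would sort "7.5.10" before "7.5.9".
function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  return v !== null && cmp(v, AFFECTED.min) >= 0 && cmp(v, AFFECTED.max) <= 0;
}

// Walk the "packages" map of a parsed package-lock.json (lockfileVersion 2 or 3)
// and report every installed copy of ws together with the package that nests it.
function findWs(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const parts = path.split("node_modules/");
    if (parts[parts.length - 1] !== "ws") continue; // skips "", "@types/ws", ...
    const parent = parts.length > 2
      ? parts[parts.length - 2].replace(/\/$/, "")
      : "(hoisted)";
    hits.push({ path, parent, version: meta.version, affected: isAffected(meta.version) });
  }
  return hits;
}

// Constructed sample lockfile; all versions below are made up for the demonstration.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/@ethersproject/providers": { version: "0.0.0" },
    "node_modules/@ethersproject/providers/node_modules/ws": { version: "7.4.6" },
    "node_modules/ws": { version: "7.5.10" },
  },
};

console.log(findWs(SAMPLE_LOCK));
```

For a real project, pass the parsed contents of its package-lock.json to findWs instead of the sample. A nested copy under a parent package is installed to satisfy that parent's own version constraint, independently of any hoisted copy at the top level.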
From: Richard Moore ***@***.***>
Sent: Monday, December 9, 2024 2:09:19 AM
To: ethers-io/ethers.js ***@***.***>
Cc: Mentep Bey ***@***.***>; Author ***@***.***>
Subject: Re: [ethers-io/ethers.js] Vulnerability versions: 7.0.0 (Issue #4894)
This problem has been addressed in v6.
The legacy v5 updates are complete, but pending completion of the test suite which requires some additional manual effort due to Karma being no longer supported. This is my top priority issue.
Ethers Version
7.0
Search Terms
No response