Skip to content

High synk vulnerability. Regular Expression Denial of Service #1467

Description

@vardeyk-yellow

Questions?

There's a high SYNK vulnerabilty which was introduced through kafka-node@5.0.0 > snappy@6.3.5 > prebuild-install@5.3.0 > npmlog@4.1.2 > gauge@2.7.4 > strip-ansi@3.0.1 > ansi-regex@2.1.1

Bug Report

Environment

  • Node version: v14.20.0
  • Kafka-node version:kafka-node@5.0.0

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions