Merge pull request #828 from snyk/fix/trigger-release-after-vuln-ignore
fix: add ws mitigated vuln info in security.md
aarlaud authored Aug 27, 2024
2 parents 26b7ec6 + 0724d9e commit 068b422
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions SECURITY.md
Expand Up @@ -22,3 +22,4 @@ Please do not log security concerns as GitHub issues, as that could alert attack
| [CVE-2020-7652](https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611) | < 4.80.0 | Allows arbitrary file reads by renaming files to match whitelisted paths | Wing Chan of The Hut Group |
| [CVE-2020-7653](https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612) | < 4.80.0 | Allows arbitrary file reads by creating symlinks to match whitelisted paths | Wing Chan of The Hut Group |
| [CVE-2020-7654](https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613) | <= 4.73.0 | Logs private keys if logging level is set to DEBUG | Wing Chan of The Hut Group |
| [CVE-2024-37890](https://security.snyk.io/vuln/SNYK-JS-WS-7266574) | <= 4.191.0 | Denial of Service negligible risk for Broker use case. Mitigated from 4.191.1 | Ryan LaPointe |
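Review bot: On the added CVE-2024-37890 row, the description cell ("Denial of Service negligible risk for Broker use case. Mitigated from 4.191.1") does not name the affected component or say what "Mitigated" means. The advisory link is SNYK-JS-WS-7266574 rather than a SNYK-JS-SNYKBROKER id like the rows above, so a reader cannot tell from the table alone that this concerns a dependency, and the branch name (fix/trigger-release-after-vuln-ignore) leaves open whether 4.191.1 upgrades that dependency or only ignores the finding. Suggest rewording along the lines of "Denial of Service in the ws dependency; negligible risk for the Broker use case. Mitigated from 4.191.1", followed by a short statement of how it is mitigated. The link also uses security.snyk.io/vuln/ where the existing rows use snyk.io/vuln/; consider keeping one host style across the table.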
