High severity CVEs in version of openapi-typescript used by project

Several high severity CVEs have been created against the version of undici used by the openapi-typescript module.

If possible, please upgrade the version of the openapi module.

undici  <=6.23.0
Severity: high
Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion - https://github.com/advisories/GHSA-g9mf-h72j-4rw9
Undici has an HTTP Request/Response Smuggling issue - https://github.com/advisories/GHSA-2mjp-6q6p-2qxm
Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression - https://github.com/advisories/GHSA-vrm6-8vpv-qv8q
Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation - https://github.com/advisories/GHSA-v9p9-hfj2-hcw8
Undici has CRLF Injection in undici via `upgrade` option - https://github.com/advisories/GHSA-4992-7rv2-5pvq
node_modules/undici
  openapi-typescript  5.1.1 - 6.7.6
  Depends on vulnerable versions of undici
  node_modules/openapi-typescript
    @openapi-contrib/openapi-schema-to-json-schema  >=4.0.1
    Depends on vulnerable versions of openapi-typescript
    node_modules/@openapi-contrib/openapi-schema-to-json-schema

Note: this module is used by [loopback](https://github.com/loopbackio/loopback-next)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

High severity CVEs in version of openapi-typescript used by project #79

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

High severity CVEs in version of openapi-typescript used by project #79

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions