
Commit 7e1f5d3

fix: update cookie dependency to ^0.7.0 to address CVE-2024-47764
Updates the cookie package from ^0.5.0 to ^0.7.0 to fix a critical security vulnerability (CVE-2024-47764) that allows malicious cookie values to inject unexpected key-value pairs into JavaScript objects. The vulnerability could allow attackers to inject special properties like __proto__, constructor, or prototype through malicious cookie values. Cookie 0.7.0 includes proper validation to prevent these injection attacks while maintaining backward compatibility.
1 parent 11fe14d commit 7e1f5d3

2 files changed

Lines changed: 9 additions & 8 deletions


package-lock.json

Lines changed: 8 additions & 7 deletions
Some generated files are not rendered by default.

package.json

Lines changed: 1 addition & 1 deletion
@@ -39,7 +39,7 @@
3939
"cli-progress": "^3.12.0",
4040
"commander": "^9.5.0",
4141
"concurrently": "^7.6.0",
42-
"cookie": "^0.5.0",
42+
"cookie": "^0.7.0",
4343
"devcert": "^1.2.0",
4444
"dotenv": "^16.4.5",
4545
"finalhandler": "^1.2.0",
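
Review bot: The changed `"cookie": "^0.7.0"` line in package.json only constrains the direct dependency, and the package-lock.json diff is not rendered on this page, so the fix cannot be confirmed from what is visible. Please check the lockfile (for example with `npm ls cookie`) to make sure no other dependency still resolves a nested copy of cookie below 0.7.0; a transitive copy would leave the CVE-2024-47764 exposure in place despite this bump. Separately, the range moves from 0.5.x to 0.7.x, and for 0.x versions a caret range stops at the next minor precisely because minor releases may carry breaking changes. The commit message asserts backward compatibility, so it would help to note which tests covering the code paths that parse or serialize cookies were run against the new version.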
