Formidable CVE #12440
-
I noticed that a dependency of serverless, formidable, has a critical CVE. Serverless@3.38 uses formidable@2.1.1, which is vulnerable according to GHSA-8cp3-66vr-3r4c. The fix version is formidable@3.2.4. Since overriding would mean moving across major versions, I'm worried about breaking changes. Does anyone know if it is safe to do so, or if there is any other workaround for this CVE?
Replies: 1 comment
-
The CVE referenced for formidable (GHSA-8cp3-66vr-3r4c) has actually been withdrawn, meaning it’s no longer considered a valid vulnerability. As a result, upgrading to formidable@3.2.4 specifically for this CVE isn’t necessary. You should be able to continue using the current version without security concerns related to this advisory. For more information, you can check the advisory status directly on GitHub.