CVE-2022-3517 reported in Trivy scan of cypress version 13.1 and earlier #27766
Comments
@gaccardo-slb We’re open to a pull request to update this. We do security scanning ourselves. Most vulnerabilities are not applicable to the way Cypress is executed however.
Hey @gaccardo-slb, If relevant, check out our GitHub repo if you wish to learn more, or start using our app. Please feel free to reach us at [email protected] if you have any requests/questions.
This issue has not had any activity in 180 days. Cypress evolves quickly and the reported behavior should be tested on the latest version of Cypress to verify the behavior is still occurring. It will be closed in 14 days if no updates are provided.
This issue has been closed due to inactivity.
Current behavior
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
Desired behavior
Upgrade minimatch to version 3.0.5 or later
Test code to reproduce
none
Cypress Version
13.1.0 and earlier
Node version
18.17
Operating System
ubuntu:kinetic
Debug Logs
Other
No response