On 1/30/25 22:26, Salvatore Bonaccorso wrote:
Hi,
On Thu, Jan 30, 2025 at 06:55:08PM +0100, Yadd wrote:
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: node-ax...@packages.debian.org
Control: affects -1 + src:node-axios
User: release.debian....@packages.debian.org
Usertags: pu
[ Reason ]
In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a
URL object when determining an origin, and has a potentially
unwanted setAttribute('href',href) call.
[...]
Do you know what happened to the 1.2.1+dfsg-1+deb12u1 version?
According to the git commit this was aimed to fix CVE-2023-45857 via a
point release as well but never got uploaded?
Regards,
Salvatore
Hi,
I don't remember what happened here.
Best regards,
Xavier
