Type of issue
BUG
In a scan for one of our repos, we found a security issue inside Yo where "http-cache-semantics" is vulnerable to Regular Expression D-O-S:
CVE-2022-25881
This is caused by a transitive dependency found in the current version of Yo:
"yo@4.3.0 requires http-cache-semantics@3.8.1 via a transitive dependency on cacheable-request@2.1.4"
The version of "http-cache-semantics" that is secure is 4.1.1.
Updating to Yo 4.3.1 did not fix this issue.
My environment
- OS version/details:
Windows 10 64-bit
- Node version:
16.8.1 (run node --version in your terminal)
- npm version:
8.12.1 (run npm --version in your terminal)
- Version of yo:
4.3.1 (run yo --version in your terminal)
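One way to confirm which installed copies of "http-cache-semantics" are still below 4.1.1 after an upgrade is to walk the `packages` map of the lockfile. This is an added example, not part of the original report or of Yo's code; the function names, the sample lockfile and the `other-client` package are constructed for illustration, and it assumes an npm lockfile with a `packages` map (lockfileVersion 2 or 3).

```javascript
// Added example: list every installed copy of a package that is older than
// the fixed version, using the "packages" map of an npm lockfile.

// Parse "major.minor.patch" into numbers; prerelease/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when version a is strictly lower than version b.
function isBelow(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// Return [{ path, version }] for each copy of `name` older than `fixed`.
// Matching on the full "node_modules/<name>" segment avoids false hits on
// scoped packages such as "@scope/<name>".
function findVulnerable(lock, name, fixed) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) =>
      (path === suffix || path.endsWith(`/${suffix}`)) &&
      typeof meta.version === "string" && isBelow(meta.version, fixed))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample lockfile; versions of cacheable-request and
// http-cache-semantics mirror the chain quoted in the report.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "constructed-app", version: "1.0.0" },
    "node_modules/yo": { version: "4.3.1" },
    "node_modules/cacheable-request": { version: "2.1.4" },
    "node_modules/http-cache-semantics": { version: "3.8.1" },
    "node_modules/other-client/node_modules/http-cache-semantics": { version: "4.1.1" },
  },
};

// For a real project, pass JSON.parse of package-lock.json instead of sampleLock.
for (const hit of findVulnerable(sampleLock, "http-cache-semantics", "4.1.1")) {
  console.log(`${hit.path} -> ${hit.version} (below 4.1.1)`);
}
```
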