Jsonpath-plus@6.0.1 Vulnerability

The @okta/okta-auth-js package currently utilizes ‘jsonpath-plus@6.0.1’. A vulnerability with this dependency just showed up in Snyk. Is this being addressed?

jsonpath-plus@6.0.1: Remote Code Execution (RCE) [Critical Severity]

Thanks,

Thanks for reaching out @matthewr. Our engineering team is aware of this and is planning to update the dependencies for this library. I’ll update this thread once I have confirmation that this is complete.


You can also track the GH Issue that was opened for this for updates: Update jsonpath · Issue #1544 · okta/okta-auth-js · GitHub

We have a new release for AuthJS that addresses this, v7.8.1
