| Version | Supported | Support Status |
|---|---|---|
| ≥ 0.22.x | ✅ | Active |
| ≤ 0.21.x | ❌ | Not supported (end of life) since December 9, 2023 |
| ≤ 0.12.x | ❌ | Not supported (end of life) since June 27, 2023 |
| Affected | Description | Severity | Vulnerability Type | Fixed in |
|---|---|---|---|---|
| ≤ 0.21.3 | SSRF & Credentials Leak. Read more | High (7.5) | CWE-918 | 0.22.0 |
| ≤ 0.21.3 | DOS by abusing fetchOptions.retry. Read more |
High (7.5) | CWE-674 | 0.22.0 |
| ≤ 0.12.0 | Leak secret tokens by changing baseURL. Read more |
High (7.5) | CWE-840 | 0.13.0 |
To report a vulnerability, please draft a new security advisory. Alternatively, you can send an email to pkg@johannschopplich.com with the word "SECURITY" in the subject line.