Formidable CVE #12440
Unanswered. vuthikxkol asked this question in Q&A
I noticed that a dependency of serverless, formidable, has a critical CVE. Serverless@3.38 uses formidable@2.1.1, which is vulnerable according to GHSA-8cp3-66vr-3r4c. The fix version is formidable@3.2.4. Since overriding would mean moving across major versions, I'm worried about breaking changes. Does anyone know if this is safe to do, or if there is any other workaround for this CVE?