From 1116c6b1a92dba18b759a0c7b39cca8fb50a47b4 Mon Sep 17 00:00:00 2001
From: sumitsuthar
Date: Fri, 27 Oct 2023 18:11:14 +0530
Subject: [PATCH] chore: Upgrade axios to 1.6.0 to resolve CVE-2023-45857 (#115)
---
 .../response/fuzz-request-handler.js | 5 +++-
 package-lock.json | 27 ++++++++++++++++---
 package.json | 2 +-
 3 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/lib/nr-security-agent/lib/core/connections/websocket/response/fuzz-request-handler.js b/lib/nr-security-agent/lib/core/connections/websocket/response/fuzz-request-handler.js
index cc14238b..91ccc195 100644
--- a/lib/nr-security-agent/lib/core/connections/websocket/response/fuzz-request-handler.js
+++ b/lib/nr-security-agent/lib/core/connections/websocket/response/fuzz-request-handler.js
@@ -180,7 +180,10 @@ function handleFuzzResponse(response, fuzzDetails) {
 */
 function parseAxiosHttpRequestToFuzz(requestObject) {
 let serverName = requestObject.serverName ? requestObject.serverName : LOCALHOST;
- let host = serverName + COLON + requestObject.serverPort
+ let host = serverName + COLON + requestObject.serverPort;
+ if(requestObject.headers && requestObject.headers['content-length']){
+ delete requestObject.headers['content-length'];
+ }
 return {
 url: requestObject.protocol + COLON_SLASH_SLASH + host + requestObject.url,
 method: requestObject.method,
diff --git a/package-lock.json b/package-lock.json
index bab3a847..5d985bea 100644
--- a/package-lock.json
+++ b/package-lock.json
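Review bot: In `parseAxiosHttpRequestToFuzz` (fuzz-request-handler.js) the new guard matches only the exact lowercase key `content-length`, so a header stored as `Content-Length` would still be forwarded; nothing visible in the hunk shows that header names are normalised before this point. The `delete` also mutates the caller's `requestObject.headers` in place, and the truthiness test is unnecessary because `delete` on a missing key is harmless. I would build a filtered copy and use it when assembling the returned config, e.g. `const headers = Object.fromEntries(Object.entries(requestObject.headers || {}).filter(([name]) => name.toLowerCase() !== 'content-length'));`. The change also needs a why-comment, since the commit title mentions only the axios upgrade; presumably something like `// drop the recorded Content-Length so the HTTP client derives it from the body actually sent`, to be confirmed by the author. The function body continues past the end of the hunk, so how the headers are passed on is not visible here.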
@@ -5472,11 +5472,25 @@ "dev": true }, "axios": { - "version": "0.21.4", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz", - "integrity": "sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.0.tgz", + "integrity": "sha512-EZ1DYihju9pwVB+jg67ogm+Tmqc6JmhamRN6I4Zt8DfZu5lbcQGw3ozH9lFejSJgs/ibaef3A9PMXPLeefFGJg==", "requires": { - "follow-redirects": "^1.14.0" + "follow-redirects": "^1.15.0", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" + }, + "dependencies": { + "form-data": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", + "requires": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "mime-types": "^2.1.12" + } + } } }, "balanced-match": {
@@ -9298,6 +9312,11 @@ } } }, + "proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + }, "psl": { "version": "1.9.0", "resolved": "https://registry.npmjs.org/psl/-/psl-1.9.0.tgz",
diff --git a/package.json b/package.json
index c5bb42a4..3b9f043b 100755
--- a/package.json
+++ b/package.json
@@ -36,7 +36,7 @@
 },
 "dependencies": {
 "@aws-sdk/client-lambda": "^3.405.0",
- "axios": "0.21.4",
+ "axios": "1.6.0",
 "check-disk-space": "3.3.1",
 "content-type": "^1.0.5",
 "fast-safe-stringify": "^2.1.1",