[Bug]: Vulnerability from ethers v5.7.2 #8173
Comments
samuel-kim-mesh
added
bug
|
they won't care unless you'll keep bumping the issue so that the stale bot won't close it, don't forget to insult them every few bumps |
|
Bump please take a look here! This is a big security vulnerability. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Impacted Library name
@ledgerhq/hw-app-eth
Impacted Library version
10.5.0 (using yarn 1.22.21)
Describe the bug
@ledgerhq/hw-app-eth has dependency on @ledgerhq/evm-tools which has a dependency on @ethers (v5.7.2). Ethers v5.7.2 has a known security vulnerability due to its ws package. ethers-io/ethers.js#4791. ws package can be resolved by upgrading to version >= 8.17.1 and was actually addressed in ethers versions >= 6.
Can we upgrade dependency for ethers to v6 or greater to address this vulnerability?
Expected behavior
Upgrade to ethers v6 or greater to address ws vulnerability.
Additional context
DoS vulnerability caused by ws dependency on ethers v5
The text was updated successfully, but these errors were encountered: