Skip to content

[Aikido] Fix critical issue in constantinople via minor version upgrade from 3.0.2 to 3.1.1 in server#28

Closed
aikido-autofix[bot] wants to merge 1 commit into
masterfrom
fix/aikido-security-KAN-2679-KAN-2725update-packages-21758344-usqy
Closed

[Aikido] Fix critical issue in constantinople via minor version upgrade from 3.0.2 to 3.1.1 in server#28
aikido-autofix[bot] wants to merge 1 commit into
masterfrom
fix/aikido-security-KAN-2679-KAN-2725update-packages-21758344-usqy

Conversation

@aikido-autofix

@aikido-autofix aikido-autofix Bot commented Apr 2, 2026

Copy link
Copy Markdown

Upgrade constantinople to fix critical sandbox bypass vulnerability enabling arbitrary code execution.

✅ 1 CVE resolved by this upgrade, including 1 critical 🚨 CVE

This PR will resolve the following CVEs:

Issue Severity           Description
GHSA-4vmm-mhcq-4x9j
🚨 CRITICAL
[constantinople] Versions of constantinople prior to 3.1.1 are vulnerable to a sandbox bypass which can lead to arbitrary code execution.


## Recommendation

Update to version 3.1.1 or later.
🔗 Related Tasks

@aikido-autofix aikido-autofix Bot added bug Something isn't working documentation Improvements or additions to documentation labels Apr 2, 2026
@aikido-autofix

Copy link
Copy Markdown
Author

Closed by Aikido: a new AutoFix has been created → #35

@aikido-autofix aikido-autofix Bot closed this Jun 29, 2026
@aikido-autofix aikido-autofix Bot deleted the fix/aikido-security-KAN-2679-KAN-2725update-packages-21758344-usqy branch June 29, 2026 21:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working documentation Improvements or additions to documentation

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants