Description
Versions v9.26.0, v10.9.x, v11.1.x, and v12.0.x all contained the code that would throw the error.
Specifically, during a pentest we encountered a bug in the octokit/webhooks library (a dependency of Probot, a framework for building GitHub Apps). The resulting request was found to cause an uncaught exception that ends the Node.js process.
Recommendation
Update the octokit package to the latest compatible version. Version details:
- Affected version(s): < 3.1.2
- Patched version(s): 3.1.2
References
Related Issues
- Vercel ms Inefficient Regular Expression Complexity vulnerability - CVE-2017-20162
- Axios is vulnerable to DoS attack through lack of data size check - CVE-2025-58754
- billboard.js allows prototype pollution via the function generate - CVE-2025-49223
- Parse Server's custom object ID allows to acquire role privileges - CVE-2024-47183
- Tags:
- npm
- octokit
Last updated on December 16, 2023