Description
Versions v9.26.0, v10.9.x, v11.1.x and v12.0.x all contained the code that would throw the error.
Specifically, during a pentest we encountered a bug in the octokit/webhooks library (a dependency of Probot, a framework for building GitHub Apps). The resulting request was found to cause an uncaught exception that ends the Node.js process.
Recommendation
Update the octokit package to the latest compatible version. Version details:
- Affected version(s): < 3.1.2
- Patched version(s): 3.1.2
Last updated on December 16, 2023