mirror of
https://github.com/reconurge/flowsint.git
synced 2026-07-16 09:02:57 -05:00
[PR #158] [CLOSED] fix: upgrade fast-uri to 3.1.1 (CVE-2026-6321) #2453
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/reconurge/flowsint/pull/158
Author: @orbisai0security
Created: 6/3/2026
Status: ❌ Closed
Base:
main← Head:fix-cve-2026-6321-fast-uri📝 Commits (1)
1568a10fix: CVE-2026-6321 security vulnerability📊 Changes
2 files changed (+6 additions, -0 deletions)
View changed files
📝
flowsint-app/package.json(+1 -0)📝
yarn.lock(+5 -0)📄 Description
Summary
Upgrade fast-uri from 3.1.0 to 3.1.1 to fix CVE-2026-6321.
Vulnerability
CVE-2026-6321flowsint-app/yarn.lockDescription: fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies
Evidence
Scanner confirmation: trivy rule
CVE-2026-6321flagged this pattern.Production code: This file is in the production codebase, not test-only code.
Threat Model Context
This is a Node.js library - vulnerabilities affect downstream consumers who use this package.
Changes
flowsint-app/package.jsonflowsint-app/yarn.lockVerification
This change addresses a pattern flagged by static analysis. The code path handles user-influenced input and the fix reduces the attack surface against both manual and automated exploitation.
Automated security fix by OrbisAI Security
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.