PT-2023-31626 · GitHub · Octokit/Webhooks +1

Nickfloyd +2
Published: 2023-12-15 · Updated: 2023-12-19
CVE-2023-50728
CVSS v3.1: 5.4 (Medium)
Vector: AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions
octokit/webhooks versions 9.26.0 through 9.26.2
octokit/webhooks versions 10.9.0 through 10.9.1
octokit/webhooks versions 11.1.0 through 11.1.1
octokit/webhooks versions 12.0.0 through 12.0.3
Description
The issue is caused by a problem with error handling in the @octokit/webhooks library: in some cases the error value is undefined, and the resulting uncaught exception terminates the Node.js process. The problem was encountered during a pentest and is specific to the octokit/webhooks library, a dependency of Probot, a framework for building GitHub Apps.
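The failure mode described above, as an added illustration that is not code from @octokit/webhooks or Probot: a constructed dispatcher whose error path assumes every caught value is an Error object, beside a hardened form that normalizes the value first. The dispatcher, the handler names and the event payload are all assumptions made for the example; the real library's internals differ.

```javascript
// Added example (not @octokit/webhooks code). A constructed stand-in for a
// webhook dispatcher: each registered handler receives the event, failures are
// collected, and a summary is reported through onError.

// Vulnerable pattern: the error path reads err.message on whatever was thrown.
// A handler that throws a non-Error (here `undefined`) makes the error path
// itself throw a TypeError, and that second exception is the one that escapes.
function dispatchVulnerable(handlers, event, onError) {
  const errors = [];
  for (const handler of handlers) {
    try {
      handler(event);
    } catch (err) {
      errors.push(err);
    }
  }
  if (errors.length > 0) {
    // `err.message` on undefined throws from inside the error handling code.
    const summary = errors.map((err) => err.message).join('; ');
    onError(new Error(summary));
  }
}

// Hardened form: turn any thrown value into a real Error before touching its
// properties, so the error path cannot itself fail.
function toError(value) {
  if (value instanceof Error) return value;
  if (value === undefined || value === null) {
    return new Error('handler failed without an error value');
  }
  try {
    return new Error(typeof value === 'object' ? JSON.stringify(value) : String(value));
  } catch {
    return new Error(String(value));
  }
}

function dispatchHardened(handlers, event, onError) {
  const errors = [];
  for (const handler of handlers) {
    try {
      handler(event);
    } catch (err) {
      errors.push(toError(err));
    }
  }
  if (errors.length > 0) {
    const summary = errors.map((err) => err.message).join('; ');
    onError(new Error(summary));
  }
}

// Simulates the top of a request. Returns 'crash' when the dispatcher itself
// threw: in a real server that exception is uncaught and ends the Node.js
// process. Otherwise returns the error text that was reported normally.
function simulate(dispatch, handlers) {
  let reported = null;
  const event = { name: 'push', id: 'constructed-delivery-1' }; // constructed
  try {
    dispatch(handlers, event, (err) => { reported = err.message; });
  } catch (crash) {
    return { outcome: 'crash', detail: crash.constructor.name };
  }
  return { outcome: 'handled', detail: reported };
}

// Constructed handlers: one throws a proper Error, the other throws undefined,
// the situation the advisory describes (the error value is not an Error).
const handlers = [
  () => { throw new Error('database unavailable'); },
  () => { throw undefined; },
];

console.log('vulnerable:', simulate(dispatchVulnerable, handlers));
console.log('hardened:  ', simulate(dispatchHardened, handlers));
```

Running it shows the vulnerable dispatcher producing a TypeError from its own error path, while the hardened one reports both failures and keeps the process alive. The defensive point is the normalization step: anything that reaches an error handler from third-party code should be coerced into an Error before its properties are read.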
Recommendations
For octokit/webhooks versions 9.26.0 through 9.26.2, update to version 9.26.3.
For octokit/webhooks versions 10.9.0 through 10.9.1, update to version 10.9.2.
For octokit/webhooks versions 11.1.0 through 11.1.1, update to version 11.1.2.
For octokit/webhooks versions 12.0.0 through 12.0.3, update to version 12.0.4.
As a general recommendation, upgrade to the latest version of octokit/webhooks.js or use one of the updated backported versions.
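A check for the affected ranges and their fixed releases, as an added example rather than anything shipped by the project: it maps an installed @octokit/webhooks version to the upgrade target listed above and walks a package-lock "packages" map to find every copy, including nested ones. The lockfile contents are constructed; the version ranges and fixed versions are the advisory's.

```javascript
// Added example (not @octokit/webhooks or Probot code). Ranges and fixed
// versions are those stated in this advisory.
const AFFECTED_RANGES = [
  { from: [9, 26, 0], to: [9, 26, 2], fixed: '9.26.3' },
  { from: [10, 9, 0], to: [10, 9, 1], fixed: '10.9.2' },
  { from: [11, 1, 0], to: [11, 1, 1], fixed: '11.1.2' },
  { from: [12, 0, 0], to: [12, 0, 3], fixed: '12.0.4' },
];

// Parse "major.minor.patch", tolerating a leading "v". Pre-release and build
// suffixes are dropped, so "12.0.4-beta.0" is treated as 12.0.4 (a simplification).
function parseVersion(str) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(str).trim());
  if (!m) throw new Error(`not a semver version: ${str}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns null when the version is outside every affected range, otherwise the
// fixed release of the same line to upgrade to.
function fixedVersionFor(installed) {
  const v = parseVersion(installed);
  for (const r of AFFECTED_RANGES) {
    if (compare(v, r.from) >= 0 && compare(v, r.to) <= 0) return r.fixed;
  }
  return null;
}

// Audit a package-lock.json (lockfileVersion 2/3 shape: a "packages" map keyed
// by install path) and report every affected copy of @octokit/webhooks.
function auditLock(lock) {
  const findings = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/@octokit/webhooks')) continue;
    const fixed = fixedVersionFor(info.version);
    if (fixed) findings.push({ path, version: info.version, upgradeTo: fixed });
  }
  return findings;
}

// Constructed sample lockfile: a direct dependency on an affected 12.x release
// and a nested 10.x copy that already carries the fix.
const SAMPLE_LOCK = {
  packages: {
    'node_modules/@octokit/webhooks': { version: '12.0.3' },
    'node_modules/probot/node_modules/@octokit/webhooks': { version: '10.9.2' },
  },
};

console.log(auditLock(SAMPLE_LOCK));
```

Nested copies matter here because Probot pulls in its own @octokit/webhooks; updating only the top-level dependency can leave an affected copy under node_modules/probot, which is why the audit keys on the install path rather than the package name alone.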

Weakness Enumeration
Improper Handling of Exceptional Conditions

Related Identifiers
CVE-2023-50728
GHSA-PWFR-8PQ7-X9QV

Affected Products
Probot
Octokit/Webhooks