In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade @axonflow/sdk to version 7.0.0 or higher.
@axonflow/sdk is an AxonFlow SDK - Add invisible AI governance to your applications in 3 lines of code
Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the lack of exposure of the HMAC-SHA256 signing key in the SDK's typed API, which prevents verification of the X-AxonFlow-Signature header on incoming webhook deliveries. An attacker can cause the receiving application to act on forged webhook events by sending crafted payloads to the webhook endpoint.