Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reducing security vulnerabilities #142

Open
Luketep opened this issue Sep 24, 2019 · 1 comment
Open

Reducing security vulnerabilities #142

Luketep opened this issue Sep 24, 2019 · 1 comment

Comments

@Luketep
Copy link

Luketep commented Sep 24, 2019

Hey, we are using your tool and our audit procedures report unfixed vulnerabilites within your project. Since I don't want to fork it, I would like to submit a PR with the fixes. Please let me know if this is an option for you.
@ermurri
Copy link

ermurri commented Feb 26, 2020

@z0mt3c any chance you can address this issue?

Screen Shot 2020-02-26 at 16 01 10

Per the NPM referenced in the audit advisory:

Overview

All versions of ammo are vulnerable to Denial of Service. The Range HTTP header parser has a vulnerability which will cause the function to throw a system error if the header is set to an invalid value. Because hapi is not expecting the function to ever throw, the error is thrown all the way up the stack. If no unhandled exception handler is available, the application will exist, allowing an attacker to shut down services.

Remediation

This package is deprecated and is now maintained as @hapi/ammo. Please update your dependencies to use @hapi/ammo.

@O-Mutt O-Mutt mentioned this issue Sep 30, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Luketep @ermurri