Posted to dev@thrift.apache.org by "Jon (JIRA)" <ji...@apache.org> on 2017/03/29 17:00:47 UTC
[jira] [Commented] (THRIFT-3975) Security issue in Node.js module dependencies
[ https://issues.apache.org/jira/browse/THRIFT-3975?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15947517#comment-15947517 ]
Jon commented on THRIFT-3975:
-----------------------------
Can we bump priority on this? Any reason to ship code with known CVSS vulns?
> Security issue in Node.js module dependencies
> ---------------------------------------------
>
> Key: THRIFT-3975
> URL: https://issues.apache.org/jira/browse/THRIFT-3975
> Project: Thrift
> Issue Type: Bug
> Components: Node.js - Library
> Affects Versions: 0.9.3
> Environment: Any
> Reporter: Marc Trudel
>
> Using RetireJS, the following information was reported:
> ws 0.4.32 has known vulnerabilities: https://nodesecurity.io/advisories/67 advisory: DoS due to excessively large websocket message; https://nodesecurity.io/advisories/120
> project 0.0.1
> ↳ ws 0.4.32
> This shouldn't affect me in the use-case I'll be using Thrift, but should obviously get fixed at some point.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)