Posted to dev@thrift.apache.org by "Jon (JIRA)" <ji...@apache.org> on 2017/03/29 17:00:47 UTC

[jira] [Commented] (THRIFT-3975) Security issue in Node.js module dependencies

    [ https://issues.apache.org/jira/browse/THRIFT-3975?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15947517#comment-15947517 ] 

Jon commented on THRIFT-3975:
-----------------------------

Can we bump priority on this? Any reason to ship code with known CVSS vulns?

> Security issue in Node.js module dependencies
> ---------------------------------------------
>
>                 Key: THRIFT-3975
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3975
>             Project: Thrift
>          Issue Type: Bug
>          Components: Node.js - Library
>    Affects Versions: 0.9.3
>         Environment: Any
>            Reporter: Marc Trudel
>
> Using RetireJS, the following information was reported:
> ws 0.4.32 has known vulnerabilities:  https://nodesecurity.io/advisories/67 advisory: DoS due to excessively large websocket message; https://nodesecurity.io/advisories/120
> project 0.0.1
> ↳ ws 0.4.32
> This shouldn't affect me in the use-case I'll be using Thrift, but should obviously get fixed at some point.


