Denial of Service in canvas · GHSA-vpq5-4rc8-c222 · GitHub Advisory Database · GitHub

Denial of Service in canvas

Moderate severity GitHub Reviewed Published Jun 5, 2019 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

canvas (npm)

Affected versions

< 1.6.10

Patched versions

1.6.10

Description

Versions of canvas prior to 1.6.10 are vulnerable to Denial of Service. Processing malicious JPEGs or GIFs could crash the node process.

Recommendation

Upgrade to version 1.6.10

References

Reviewed Jun 5, 2019

Published to the GitHub Advisory Database Jun 5, 2019

Last updated Jan 9, 2023