Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

file-type <16.5.4 vulnerable to Infinite Loop via malformed MKV file #4

Closed
azu opened this issue Jul 23, 2022 · 2 comments
Closed

file-type <16.5.4 vulnerable to Infinite Loop via malformed MKV file #4

azu opened this issue Jul 23, 2022 · 2 comments
Labels
Type: Security Vulnerability disclosure or Fixing security issue

Comments

@azu
Copy link
Owner

azu commented Jul 23, 2022

file-type <16.5.4 has a vulerablity.

❯ npm audit --omit  dev
# npm audit report

file-type  <16.5.4
Severity: moderate
file-type vulnerable to Infinite Loop via malformed MKV file - https://github.com/advisories/GHSA-mhxj-85r3-2x55
fix available via `npm audit fix --force`
Will install file-type@17.1.3, which is a breaking change
node_modules/file-type

This vulerablity was fixed in following versions.
@azu
Copy link
Owner Author

azu commented Jul 23, 2022

file-type has a breaking change. We need to do breakchanges.

@azu azu added the Type: Security Vulnerability disclosure or Fixing security issue label Jul 23, 2022
@azu
Copy link
Owner Author

azu commented Jul 23, 2022

fixed in #5

@azu azu closed this as completed Jul 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Security Vulnerability disclosure or Fixing security issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@azu