Security - CRITICAL - Unsafe dynamic method access #471
Comments
|
The link returns a 404. |
|
Yes, sry, it's private security page. GitHub return 404, i will share a screen capture.
|
|
Our project use zip.js lib, and a security scan return this alert. |
|
This line of code is related to the legacy version of zip.js. It can only be found in the previous version of the documentation, see https://github.com/gildas-lormeau/zip.js/blob/gh-pages/old-docs/demos/z-worker.js#L45. This code is not used in the current version of zip.js. To solve this problem, you could retrieve only the master branch of zip.js in your project and ignore the branch gh-pages which is used for documentation purposes only. Alternatively, if you're using the old version of zip.js then it has to be updated to the new version because the old version is not maintained anymore. |
|
ok thanks. I will upgrade. Do you know from wich version of zip.js this code come from ? https://raw.githubusercontent.com/mviewer/mviewer/master/demo/addons/fileimport/lib/zip.js |
|
This is the old version of zip.js. FYI, here is the last commit of this version: https://github.com/gildas-lormeau/zip.js/tree/3e7920810f63d5057ef6028833243105521da369. |
|
Ok Thanks. Weird to have too old lib (external contribution)... need real update of zip.js in my project. |
|
You're welcome! Kenavo |
Hi,
According to CodeQL scan, z-worker return a CRITICAL issue.
See https://github.com/mviewer/mviewer/security/code-scanning/23 to get more details.
The text was updated successfully, but these errors were encountered: