CVE Security issue #343

Closed
dtiziani opened this issue May 17, 2018 · 2 comments

Comments

@dtiziani

Version: 3.17.0

Code Snippet

$ npm i twilio
$ npm audit

Exception/Log

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Out-of-bounds Read                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ stringstream                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ twilio                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ twilio > request > stringstream                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/664                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

Steps to Reproduce

  1. npm i twilio
  2. npm audit
@dkundel
Member

dkundel commented May 18, 2018

Thanks for raising this @dtiziani! I'll submit a PR to update the request dependency accordingly.

Cheers,
Dominik

dkundel added a commit to dkundel/twilio-node that referenced this issue May 18, 2018
cjcodes pushed a commit that referenced this issue May 25, 2018
* Update dependencies to fix vulnerabilities #343

* Temporarily rollback version bumps for jshint & nsp
@dkundel
Member

dkundel commented May 25, 2018

Hey @dtiziani,

The dependency has been fixed and @cjcodes will release a new version right now. Once that has happened you should be good to upgrade. Thanks again for raising this!

Cheers,
Dominik

@dkundel dkundel closed this as completed May 25, 2018