Patching CVE-2020-8175 #1


knokbak commented Jan 7, 2021

I made [a fork](https://github.com/sysollie/get-pixels-updated) of [get-pixels](https://github.com/scijs/get-pixels) so I could patch the [CVE-2020-8175](GHSA-w7q9-p3jq-fmhm) security issue. Everything under the hood is the same - you can check if you want - only the package.json file and README.md file have been updated.

You may have to make sure it is still compatible before merging (even though it most likely is), I haven't.

yzevm commented Jan 8, 2021

Hi @sysollie thanks for your PR, I'll keep it open for a while
I plan to fix this infinitered/nsfwjs#431 and add your changes
upd. I have some doubts on event loop blocking in firefox

knokbak commented Jan 8, 2021

> Hi @sysollie thanks for your PR, I'll keep it open for a while
> I plan to fix this infinitered/nsfwjs#431 and add your changes
> upd. I have some doubts on event loop blocking in firefox

If the old get-pixels works, this should also work seeing as all that has been updated is the vulnerable dependency. Would probably be a good idea to test it though.

EDIT: I'll also see if I can get this updated over at the original gif-frames seeing as it's still decently popular. Sadly, it looks like the owner may be inactive.
