New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

parsejson v0.0.3 has ReDoS vulnerable. see https://nodesecurity.io/advisories/528 #579

Closed

1 of 2 tasks

yosuke-furukawa opened this issue Sep 21, 2017 · 1 comment

Milestone

yosuke-furukawa commented Sep 21, 2017

Note: for support questions, please use one of these channels: stackoverflow or slack

https://nodesecurity.io/advisories/528

You want to:

report a bug
request a feature

Current behaviour

fail nsp check.

Steps to reproduce (if the current behaviour is a bug)

run nsp.

Expected behaviour

pass nsp check.

Setup

OS: n/a
browser: n/a
engine.io version: v3.1.1

Other information (e.g. stacktraces, related issues, suggestions how to fix)

https://nodesecurity.io/advisories/528

mattgrande mentioned this issue

Remove parsejson NPM package #580

Merged

5 tasks

Member

darrachequesne commented Sep 27, 2017

Closed by #580.

darrachequesne closed this as completed

darrachequesne added this to the 3.1.2 milestone

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment