node-XMLHttpRequest icon indicating copy to clipboard operation
node-XMLHttpRequest copied to clipboard

Published 20 hours ago verified publisher icon driverdan

xmlhttprequest vulnerability

Open somanianands opened this issue 4 years ago • 3 comments

https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936 Do you have any fix for this issue?

somanianands avatar Apr 23 '21 16:04 somanianands

why is this STILL not fixed? Wtf, that is such an easy fix ffs... just save the "data" into another temporary file and load it in the subprocess...

Enerccio avatar Sep 25 '22 07:09 Enerccio

why is this STILL not fixed? Wtf, that is such an easy fix ffs... just save the "data" into another temporary file and load it in the subprocess...

@Enerccio If you are so angry and know the steps required to resolve the issue, maybe you should submit a patch, or fork the repo.

willmorgan avatar Sep 25 '22 09:09 willmorgan

why is this STILL not fixed? Wtf, that is such an easy fix ffs... just save the "data" into another temporary file and load it in the subprocess...

@Enerccio If you are so angry and know the steps required to resolve the issue, maybe you should submit a patch, or fork the repo.

just because I empathize doesn't mean I am angry. I am just surprised on how basic the vulnerability was and how easy it is to fix it

Enerccio avatar Sep 25 '22 11:09 Enerccio