react-native-fast-image

Critical WebP 0-day security CVE-2023-4863

Open huaguoshi opened this issue 1 year ago • 3 comments

Detailed paths
Introduced through: [email protected] › [email protected] › [email protected] › [email protected]

Security information
Factors contributing to the scoring:
Snyk: CVSS 10.0 - CRITICAL Severity
NVD: 8.8 HIGH

libwebp is a Library to encode and decode images in WebP format.

huaguoshi, Oct 06 '23 06:10

+1

markosrx, Oct 09 '23 12:10

I have added the following code to my Podfile, which seems to update this dependency for FastImage. Seems like an acceptable workaround for the time being.

# Dependency chain: RNFastImage -> SDWebImageWebPCoder -> libwebp
pod 'libwebp', '1.3.2', :source => 'https://cdn.cocoapods.org/'

Thenlie, Oct 26 '23 21:10
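
A check that the pin from the comment above actually took effect, as an added example that is not part of the original thread or the project's own code: it reads the PODS section of a Podfile.lock and lists every libwebp pod or subspec resolved below 1.3.2. The function names and the sample lockfile contents are constructed for illustration.

```ruby
require 'yaml'
require 'rubygems' # Gem::Version gives numeric (not lexical) version ordering

# Version pinned in the Podfile workaround quoted in the thread.
MIN_LIBWEBP = Gem::Version.new('1.3.2')

# Returns { "pod name" => Gem::Version } for every libwebp pod and subspec
# listed in the PODS section of a Podfile.lock (passed in as a string).
def libwebp_versions(lockfile_text)
  lock = YAML.safe_load(lockfile_text) || {}
  found = {}
  Array(lock['PODS']).each do |entry|
    # An entry is either "Name (ver)" or { "Name (ver)" => [dependencies] }.
    label = entry.is_a?(Hash) ? entry.keys.first : entry
    m = /\A(\S+) \(([^)]+)\)\z/.match(label.to_s)
    next unless m && m[1].split('/').first == 'libwebp'
    found[m[1]] = Gem::Version.new(m[2])
  end
  found
end

# Returns the sorted names of libwebp pods resolved below the pinned version.
def outdated_libwebp(lockfile_text)
  libwebp_versions(lockfile_text).select { |_, v| v < MIN_LIBWEBP }.keys.sort
end

# Constructed sample lockfiles; the version numbers are illustrative only.
BEFORE_PIN = <<~LOCK
  PODS:
    - libwebp (1.2.4):
      - libwebp/demux (= 1.2.4)
      - libwebp/webp (= 1.2.4)
    - libwebp/demux (1.2.4):
      - libwebp/webp
    - libwebp/webp (1.2.4)
    - SDWebImageWebPCoder (0.8.5):
      - libwebp (~> 1.0)
LOCK
AFTER_PIN = BEFORE_PIN.gsub('1.2.4', '1.3.2')

# Pass a Podfile.lock path as the first argument to check a real project;
# without one, the constructed "before" sample is checked.
path = ARGV[0]
text = path && File.file?(path) ? File.read(path) : BEFORE_PIN
bad = outdated_libwebp(text)
puts bad.empty? ? 'libwebp >= 1.3.2' : "below 1.3.2: #{bad.join(', ')}"
```

Run it after `pod install` so the lockfile reflects the pin; subspecs such as `libwebp/demux` are listed separately in the lockfile and are checked individually.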

Also, this is a duplicate of #994

Thenlie, Oct 26 '23 21:10