Security issue during Git push

Open S-Man42 opened this issue 1 year ago • 5 comments

https://github.com/S-Man42/GCWizard/security/dependabot/1

S-Man42 avatar May 07 '24 16:05 S-Man42

So if I see it correctly, iText is only used in the Wherigo decompiler. Maybe there is a newer version of the library. But in the best case scenario, we won't need it any more soon. I think we can close this issue.

Mike-3 avatar Jul 16 '24 13:07 Mike-3

So we need @t-m-z to be aware of this and that will be removed, right?

S-Man42 avatar Jul 16 '24 16:07 S-Man42

Well, I don't think he can remove it quickly, but the script is supposed to be switched to an offline version anyway.

Mike-3 avatar Jul 16 '24 16:07 Mike-3

As far as I understand this issue: itext is a jar which allows reading and writing PDF.

The WherigoDecompiler JavaServlet reads a compiled LUA ByteCode being part of a WherigoCartridge, decompiles it with unluac.jar and sends back the LUA Sourcecode.

Up to now I have no idea why this itext issue affects us.

t-m-z avatar Jul 16 '24 17:07 t-m-z

Well, I just looked for iText in our project and it was only found once. I can only imagine that it was included by some lib.

Mike-3 avatar Jul 16 '24 19:07 Mike-3