arrayfire-js icon indicating copy to clipboard operation
arrayfire-js copied to clipboard

Published 20 hours ago verified publisher icon arrayfire

arrayfire-js security issue

Open pavanky opened this issue 6 years ago • 5 comments

@unbornchikken Can you look into fixing this https://nvd.nist.gov/vuln/detail/CVE-2016-10598 ?

pavanky avatar Jul 06 '18 14:07 pavanky

I don't get it. There is nothing to get donwloaded by ArrayFire.js itself. NPM downloads the module from the registry during the installation but it's part of the very standard Node.js module infrastructure. For the build process CMake.js downloads headers and lib files but it's been using https urls only, please refer to this file: https://github.com/cmake-js/cmake-js/blob/master/lib/es6/runtimePaths.js.

unbornchikken avatar Jul 09 '18 06:07 unbornchikken

@unbornchikken looks like the CVE is from 2016? but it only got published recently. I am not sure what is happening :-/

pavanky avatar Jul 09 '18 16:07 pavanky

Looks like this is the original report: https://nodesecurity.io/advisories/192

pavanky avatar Jul 09 '18 16:07 pavanky

this is funny :)

p3x-robot avatar Jan 23 '19 08:01 p3x-robot

arrayfire-js security issue :)

p3x-robot avatar Jan 23 '19 08:01 p3x-robot