arrayfire-js
arrayfire-js copied to clipboard
arrayfire-js security issue
@unbornchikken Can you look into fixing this https://nvd.nist.gov/vuln/detail/CVE-2016-10598 ?
I don't get it. There is nothing to get donwloaded by ArrayFire.js itself. NPM downloads the module from the registry during the installation but it's part of the very standard Node.js module infrastructure. For the build process CMake.js downloads headers and lib files but it's been using https urls only, please refer to this file: https://github.com/cmake-js/cmake-js/blob/master/lib/es6/runtimePaths.js.
@unbornchikken looks like the CVE is from 2016? but it only got published recently. I am not sure what is happening :-/
Looks like this is the original report: https://nodesecurity.io/advisories/192
this is funny :)
arrayfire-js security issue :)