
Bump to [email protected]

Open mtrezza opened this issue 4 years ago • 5 comments

Denial of Service (DoS)

Affected module: [email protected]

Introduced through: [email protected]

Exploit maturity: No known exploit

Fixed in: [email protected]

Detailed paths

Introduced through: [email protected] › @nsfw-filter/[email protected][email protected][email protected]

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS). The attacker could manipulate the exif data in the image file, such as changing the image pixel to 64250x64250 pixels. If the module loads the crafted image, it tries to allocate 4128062500 pixels into memory.

mtrezza, Apr 15 '21 23:04
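A pre-decode check for the failure described in the report above, as an added example that is not part of the original issue or of nsfwjs: it reads the dimensions a JPEG declares in its frame header and rejects the file before any pixel buffer is allocated. JPEG input, the helper names and the 4096x4096 budget are assumptions; the sample bytes are constructed.

```javascript
// Added example; helper names and MAX_PIXELS are assumptions, not nsfwjs code.
const MAX_PIXELS = 4096 * 4096; // assumed budget, tune to available memory

// Return the size declared in the first JPEG SOF header without decoding pixels.
function readJpegDeclaredSize(bytes) {
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  if (bytes.length < 4 || view.getUint16(0) !== 0xffd8) return null; // no SOI
  let off = 2;
  while (off + 4 <= bytes.length) {
    if (bytes[off] !== 0xff) return null; // lost segment sync
    const marker = bytes[off + 1];
    if (marker === 0xff) { off += 1; continue; } // fill byte
    if (marker === 0xd9 || marker === 0xda) return null; // EOI/SOS before SOF
    const len = view.getUint16(off + 2); // counts its own two bytes
    if (len < 2 || off + 2 + len > bytes.length) return null; // truncated
    // SOF0..SOF15 carry dimensions; C4 (DHT), C8 (JPG), CC (DAC) do not.
    const isSof = marker >= 0xc0 && marker <= 0xcf &&
      marker !== 0xc4 && marker !== 0xc8 && marker !== 0xcc;
    if (isSof) {
      if (len < 7) return null;
      return { height: view.getUint16(off + 5), width: view.getUint16(off + 7) };
    }
    off += 2 + len;
  }
  return null;
}

// Gate to run before the bytes reach any decoder; fails closed.
function checkImageBudget(bytes, maxPixels = MAX_PIXELS) {
  const size = readJpegDeclaredSize(bytes);
  if (!size) return { ok: false, reason: "unparseable header" };
  const pixels = size.width * size.height; // at most 65535^2, exact in a double
  if (pixels === 0 || pixels > maxPixels) {
    return { ok: false, pixels, reason: `${size.width}x${size.height} outside budget` };
  }
  return { ok: true, pixels };
}

// Constructed sample: SOI plus a minimal SOF0 segment declaring the given size.
function sampleJpegHeader(width, height) {
  return Uint8Array.from([0xff, 0xd8, 0xff, 0xc0, 0x00, 0x0b, 0x08,
    height >> 8, height & 0xff, width >> 8, width & 0xff, 0x01, 0x01, 0x11, 0x00]);
}

console.log(checkImageBudget(sampleJpegHeader(64250, 64250))); // rejected
console.log(checkImageBudget(sampleJpegHeader(640, 480)));     // accepted
```

A check like this complements the dependency upgrade; it does not replace limits enforced inside the decoder itself.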

And maybe add snyk to this repo to auto-create these PRs.

mtrezza, Apr 15 '21 23:04

Thanks for creating this issue, got that as a Dependabot alert too.

linkle69, Apr 16 '21 07:04

I've got it updated in master. This should have shipped with v2.4.0 https://github.com/infinitered/nsfwjs/releases/tag/v2.4.0

What version did you get this error with?

GantMan, Apr 17 '21 22:04

Ahhh, sorry, it's here: https://github.com/nsfw-filter/gif-frames

Please PR there, and I'll pull in the new version here, and then release 2.4.1

GantMan, Apr 17 '21 22:04

Would anyone like to go do the PR on this?

GantMan, Jun 26 '21 15:06