node-pdf-image icon indicating copy to clipboard operation
node-pdf-image copied to clipboard

Published 20 hours ago verified publisher icon mooz

Security issue

Open lirantal opened this issue 6 years ago • 6 comments

Hi,

I'm a member of the Node.js Security WG and we received a report regarding a security issue with this module. We tried inviting the author by e-mail but received no response so I'm opening this issue and inviting anyone with commit and npm publish rights to collaborate with us on a fix.

lirantal avatar May 11 '18 15:05 lirantal

Hello @lirantal, you can contact me because of this issue via [anonymized]

May i can fix and provide an PR

roest01 avatar May 12 '18 14:05 roest01

Yes @roest01, please check your inbox for the invite

lirantal avatar May 13 '18 01:05 lirantal

Any news about this issue?

queval-j avatar Apr 04 '19 20:04 queval-j

PR is made. Issue is fixed there ...

roest01 avatar Apr 04 '19 20:04 roest01

Maybe someone or some could do a code review of #39 to help @mooz merging this ?

roest01 avatar Apr 16 '19 09:04 roest01

As long as there is no new version how can I sanitize input for the current 2.0.0 version?

svrnwnsch avatar Sep 24 '19 11:09 svrnwnsch