node-coveralls

Moderate severity issue with current sshpk version

Open vikingair opened this issue 5 years ago • 2 comments

See here:

CVE-2018-3737 (moderate severity)
Vulnerable versions: < 1.13.2
Patched version: 1.13.2
The sshpk NPM package is vulnerable to ReDoS when parsing crafted invalid public keys.

Please update this dependency. Thank you.

vikingair avatar Mar 24 '19 10:03 vikingair
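
Added example (not part of the original issue or of the node-coveralls project): a Node.js check that walks a parsed `package-lock.json` and reports every installed copy of sshpk below the patched version 1.13.2, including copies nested under other packages. The sample lockfiles and the `parent-pkg` name are constructed for illustration.

```javascript
'use strict';

const PATCHED = [1, 13, 2]; // "Patched version: 1.13.2" from the advisory text

// True when a plain x.y.z version is below 1.13.2 (prerelease tags are ignored).
function isVulnerable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version || '');
  if (!m) return false; // not plain semver (e.g. a git URL): review by hand
  for (let i = 0; i < 3; i++) {
    const part = Number(m[i + 1]);
    if (part !== PATCHED[i]) return part < PATCHED[i];
  }
  return false; // exactly 1.13.2
}

// Return [{ path, version }] for every sshpk entry below the patched version.
function findVulnerableSshpk(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/sshpk$/.test(path) && isVulnerable(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  (function walk(deps, trail) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === 'sshpk' && isVulnerable(meta.version)) {
        hits.push({ path: here.join(' > '), version: meta.version });
      }
      walk(meta.dependencies, here);
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  'parent-pkg': { version: '1.0.0', dependencies: { sshpk: { version: '1.13.1' } } },
  sshpk: { version: '1.16.1' } } };
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  '': { name: 'app' },
  'node_modules/sshpk': { version: '1.13.2' },
  'node_modules/parent-pkg/node_modules/sshpk': { version: '1.7.4' } } };

console.log(findVulnerableSshpk(SAMPLE_V1), findVulnerableSshpk(SAMPLE_V3));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findVulnerableSshpk`.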

Since this library doesn't seem to be supported anymore, I fixed a bunch of things on a fork, if you want to check it out and are still pulling the library into your packages: https://github.com/jtwebman/coveralls-next

jtwebman avatar Mar 06 '22 22:03 jtwebman

Good to know, @jtwebman. Thank you.

luoisbeck avatar Mar 15 '22 15:03 luoisbeck