
Patching CVE-2020-8175

Open knokbak opened this issue 4 years ago • 2 comments

I made a fork of get-pixels so I could patch the CVE-2020-8175 security issue. Everything under the hood is the same - you can check if you want - only the package.json file and README.md file have been updated.

You may have to make sure it is still compatible before merging (even though it most likely is), I haven't.

knokbak, Jan 07 '21 10:01

Hi @sysollie, thanks for your PR. I'll keep it open for a while; I plan to fix this https://github.com/infinitered/nsfwjs/issues/431 and add your changes. Upd. I have some doubts on event loop blocking in Firefox.

yzevm, Jan 08 '21 15:01

> Hi @sysollie, thanks for your PR. I'll keep it open for a while; I plan to fix this https://github.com/infinitered/nsfwjs/issues/431 and add your changes. Upd. I have some doubts on event loop blocking in Firefox.

If the old get-pixels works, this should also work, seeing as all that has been updated is the vulnerable dependency. It would probably be a good idea to test it though.

EDIT: I'll also see if I can get this updated over at the original gif-frames, seeing as it's still decently popular. Sadly, it looks like the owner may be inactive.

knokbak, Jan 08 '21 18:01