arrayfire-js security issue

arrayfire / arrayfire-js

ArrayFire.js - ArrayFire for Node.js

BSD 3-Clause "New" or "Revised" License

120 stars 11 forks source link

arrayfire-js security issue #14

Open pavanky opened 6 years ago

pavanky commented 6 years ago

@unbornchikken Can you look into fixing this https://nvd.nist.gov/vuln/detail/CVE-2016-10598 ?

unbornchikken commented 6 years ago

I don't get it. There is nothing to get donwloaded by ArrayFire.js itself. NPM downloads the module from the registry during the installation but it's part of the very standard Node.js module infrastructure. For the build process CMake.js downloads headers and lib files but it's been using https urls only, please refer to this file: https://github.com/cmake-js/cmake-js/blob/master/lib/es6/runtimePaths.js.

pavanky commented 6 years ago

@unbornchikken looks like the CVE is from 2016? but it only got published recently. I am not sure what is happening :-/

pavanky commented 6 years ago

Looks like this is the original report: https://nodesecurity.io/advisories/192

p3x-robot commented 5 years ago

this is funny :)

p3x-robot commented 5 years ago

arrayfire-js security issue :)