Open ultimate-tester opened 5 years ago
Currently the torrent-discovery dependency is outdated causing the following Denial of Service exploit:
High Denial of Service Package ws Patched in >= 1.1.5 <2.0.0 || >=3.3.1 Dependency of torrent-stream Path torrent-stream > torrent-discovery > bittorrent-tracker > simple-websocket > ws More info https://nodesecurity.io/advisories/550
High Denial of Service
Package ws
Patched in >= 1.1.5 <2.0.0 || >=3.3.1
Dependency of torrent-stream
Path torrent-stream > torrent-discovery > bittorrent-tracker > simple-websocket > ws
More info https://nodesecurity.io/advisories/550
Please update the dependency to the latest version, this package is behind by quite some major versions..
See https://github.com/mafintosh/torrent-stream/pull/190
G-Ray
commented
5 years ago G-Ray
commented
5 years ago
Currently the torrent-discovery dependency is outdated causing the following Denial of Service exploit:
Please update the dependency to the latest version, this package is behind by quite some major versions..