Closed SViccari closed 8 years ago
Hi @SViccari! Nice catch! I built this library before I knew better about this vulnerability, and because it's been a while since I last used it, I did not think to come back to look for it.
I've incremented the version to 0.5.0 and pushed the update to Hex.
@slogsdon Wonderful, thank you for being so quick to address this!
Converting external parameters from string keys to atom keys creates the vulnerability of being susceptible to a DoS attack, via object allocation. With this in mind, I'm proposing that we remove the string-to-atom conversion that's currently taking place.
I realize this will introduce a breaking change. If you like, I'm happy to bump the version as well.
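The atom-table growth described above, as an added example that is not part of the original thread or the library's code. The `ParamKeys` module, its function names, the allowlisted keys and the sample payload are all hypothetical and constructed for illustration.

```elixir
defmodule ParamKeys do
  # Hypothetical module for illustration; not the library's code.

  # Pattern under discussion: every distinct external key becomes a new atom.
  # Atoms are never garbage collected, so attacker-chosen keys grow the
  # atom table until the VM reaches its limit and shuts down.
  def atomize_unsafe(params) when is_map(params) do
    Map.new(params, fn {k, v} -> {String.to_atom(k), v} end)
  end

  # Option 1: leave external keys as strings, as the change above proposes.
  def keep_strings(params) when is_map(params), do: params

  # Option 2: convert only keys on a fixed allowlist. The atoms are literals
  # compiled into the module, so external input can never create a new one.
  @allowed %{"id" => :id, "email" => :email, "status" => :status}
  def atomize_allowed(params) when is_map(params) do
    Enum.reduce(params, %{}, fn {k, v}, acc ->
      case Map.fetch(@allowed, k) do
        {:ok, atom} -> Map.put(acc, atom, v)
        :error -> acc
      end
    end)
  end
end

# Constructed payload: one expected key plus 1,000 keys the application
# has never seen, standing in for untrusted external parameters.
payload =
  1..1_000
  |> Map.new(fn i -> {"constructed_key_#{i}", i} end)
  |> Map.put("id", 7)

atom_count = fn -> :erlang.system_info(:atom_count) end

# Measure how many atoms each approach adds to the VM-wide atom table.
start = atom_count.()
safe = ParamKeys.atomize_allowed(payload)
after_safe = atom_count.()
_unsafe = ParamKeys.atomize_unsafe(payload)
after_unsafe = atom_count.()

IO.inspect(safe, label: "allowlisted result")
IO.puts("atoms added by atomize_allowed: #{after_safe - start}")
IO.puts("atoms added by atomize_unsafe:  #{after_unsafe - after_safe}")
```

`String.to_existing_atom/1` is another way to avoid creating atoms from input, but it raises `ArgumentError` on unknown keys, so callers have to handle that case.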