talmobi / yt-search


Vulnerability issue for yt-search for discord bot #58

Closed FRG-SHADOWFALL closed 3 years ago

FRG-SHADOWFALL commented 3 years ago

Denial of service

talmobi commented 3 years ago

Which discord bot? Any more information?

This is a library/module.

antonio-bastos commented 3 years ago

I believe you're referring to this https://www.npmjs.com/advisories/1754?

talmobi commented 3 years ago

I see.

css-what is a dependency of cheerio, which is used to parse the html from youtube.

Given that we're parsing YouTube pages only, I'm not too concerned about DoS attacks.

I'll put it on the TODO list.

FRG-SHADOWFALL commented 3 years ago

Thanks.

On Wed, 9 Jun 2021 at 00:19, talmobi wrote: (quoted reply, as above)

FRG-SHADOWFALL commented 3 years ago

Yes, I am. How do I possibly fix it?

On Wed, 9 Jun 2021 at 00:11, Scxipted wrote: (quoted reply, as above)

talmobi commented 3 years ago

Try updating css-what, might work.

antonio-bastos commented 3 years ago

Didn't seem like it worked.

cktang88 commented 3 years ago

Updating cheerio to at least https://github.com/cheeriojs/cheerio/tree/v1.0.0-rc.6 will probably work, since it has the updated css-what lib.
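The exchange above (bumping css-what directly "didn't seem to work", while bumping cheerio did) is the usual transitive-dependency trap: npm can keep a second, older copy of a package nested under the dependant that pins it, so the top-level install looks patched while the copy cheerio actually loads is not. The script below is an added example, not code from yt-search or from anyone in this thread. It walks a parsed package-lock.json (the v2/v3 flat "packages" map or the v1 nested "dependencies" tree) and reports every installed copy of a named package that is older than a given fixed version, with the path that shows which parent pulled it in. The fixed version 5.0.1 and the sample lockfile are assumptions constructed for illustration; take the real affected range from the advisory itself.

```javascript
'use strict';

// ASSUMPTION for illustration only: treat 5.0.1 as the first fixed css-what
// release. The page does not state the range; read the advisory for it.
const FIXED_VERSION = '5.0.1';

// Parse "1.0.0-rc.6" into comparable numeric parts plus prerelease identifiers.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return {
    main: [Number(m[1]), Number(m[2]), Number(m[3])],
    pre: m[4] ? m[4].split('.') : null,
  };
}

// Semver ordering: negative if a < b, 0 if equal, positive if a > b.
// A prerelease (1.0.0-rc.6) ranks below the release it precedes (1.0.0).
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.main[i] !== pb.main[i]) return pa.main[i] - pb.main[i];
  }
  if (!pa.pre && !pb.pre) return 0;
  if (!pa.pre) return 1;
  if (!pb.pre) return -1;
  const n = Math.max(pa.pre.length, pb.pre.length);
  for (let i = 0; i < n; i++) {
    const x = pa.pre[i], y = pb.pre[i];
    if (x === undefined) return -1;   // shorter prerelease list sorts first
    if (y === undefined) return 1;
    const xn = /^\d+$/.test(x), yn = /^\d+$/.test(y);
    if (xn && yn) { if (Number(x) !== Number(y)) return Number(x) - Number(y); }
    else if (xn) return -1;           // numeric identifiers sort before alpha
    else if (yn) return 1;
    else if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// List every installed copy of `name` older than `fixed`, with its on-disk
// path, so nested duplicates under a pinning parent are not missed.
function findOutdatedCopies(lock, name, fixed) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, info] of Object.entries(lock.packages)) {
      if (path.endsWith(`node_modules/${name}`) && info.version &&
          compareVersions(info.version, fixed) < 0) {
        hits.push({ path, version: info.version });
      }
    }
  } else if (lock.dependencies) {
    // lockfileVersion 1: nested "dependencies" objects
    const walk = (deps, prefix) => {
      for (const [dep, info] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${dep}`;
        if (dep === name && info.version &&
            compareVersions(info.version, fixed) < 0) {
          hits.push({ path, version: info.version });
        }
        if (info.dependencies) walk(info.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample lockfile (not from yt-search): the top-level css-what was
// bumped, but an older cheerio still carries its own nested copy.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'my-discord-bot', version: '1.0.0' },
    'node_modules/css-what': { version: '5.0.1' },
    'node_modules/cheerio': { version: '1.0.0-rc.5' },
    'node_modules/cheerio/node_modules/css-what': { version: '4.0.0' },
  },
};

for (const h of findOutdatedCopies(SAMPLE_LOCK, 'css-what', FIXED_VERSION)) {
  console.log(`${h.path} is at ${h.version} (< ${FIXED_VERSION})`);
}
```

To run it against a real project, call findOutdatedCopies with JSON.parse(fs.readFileSync('package-lock.json', 'utf8')) instead of SAMPLE_LOCK. The nested path in the output tells you which parent has to be upgraded (here cheerio), which is exactly why updating the top-level css-what alone changed nothing for the copy cheerio resolves.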

talmobi commented 3 years ago

Updating cheerio to at least https://github.com/cheeriojs/cheerio/tree/v1.0.0-rc.6 will probably work, since it has the updated css-what lib.

Do you want to make a PR with updated dependencies?

talmobi commented 3 years ago

Should be fixed with @cktang88's PR merged and published as 2.9.0.

cktang88 commented 3 years ago

Works fine on a new project now. [image]

talmobi commented 3 years ago

@cktang88 Thanks for the PR and for looking into it. Will leave this open for ~30 days or until @FRG-SHADOWFALL confirms it solved his issue and closes it himself.

FRG-SHADOWFALL commented 3 years ago

Thanks a lot to whoever helped in fixing the issue; it has been resolved now! AND GOOD LUCK WITH SOLVING OTHER ISSUES! :)