Dev rejects CVE severity, makes his GitHub repo read-only (www.bleepingcomputer.com)
floofloof@lemmy.ca to Technology@lemmy.ml · English · 6 months ago · 17 comments
Cross-posted to: programming@programming.dev, cybersecurity@sh.itjust.works
SirQuackTheDuck@lemmy.world · 6 months ago

Even worse, the CVE is effectively “if you use the package wrong, you get weird results”.

The affected method has signature `function isPrivate(ip: string): boolean`. Passing in a hex number is not a string, and a method (`toString`) exists for this.