Dev rejects CVE severity, makes his GitHub repo read-only (www.bleepingcomputer.com)
floofloof@lemmy.ca to Technology@lemmy.ml · English · 4 days ago · cross-posted to: programming@programming.dev, cybersecurity@sh.itjust.works
SirQuackTheDuck@lemmy.world · 3 days ago

Even worse, the CVE is effectively “if you use the package wrong, you get weird results”.

The affected method has signature `function isPrivate(ip: string): boolean`. Passing in a hex number is not a string, and a method (`toString`) exists for this.
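
Added example (not part of the thread and not the package's code): a strict front end for a check with the `isPrivate(ip: string): boolean` signature quoted above, which rejects non-string arguments and normalizes hex, octal and short-form IPv4 text before testing ranges. `parseIPv4`, `isPrivateStrict`, the range table and the sample inputs in the comments are constructed for illustration.

```javascript
// Hypothetical helpers for illustration; not the API of any real package.
// One IPv4 part, read the way inet_aton-style parsers read it:
// "0x.." is hex, a leading "0" is octal, anything else is decimal.
function parsePart(part) {
  if (/^0x[0-9a-f]+$/i.test(part)) return parseInt(part.slice(2), 16);
  if (/^0[0-7]*$/.test(part)) return parseInt(part, 8);
  if (/^[1-9][0-9]*$/.test(part)) return parseInt(part, 10);
  return NaN; // empty, signed, or otherwise malformed
}

// Returns the address as an unsigned 32-bit number, or null if invalid.
function parseIPv4(text) {
  if (typeof text !== "string") {
    throw new TypeError("ip must be a string, got " + typeof text);
  }
  const parts = text.split(".");
  if (parts.length > 4) return null;
  const nums = parts.map(parsePart);
  if (nums.some(Number.isNaN)) return null;
  // Every part but the last is one byte; the last fills the remaining bytes,
  // so "0x7f.1" (constructed sample) is the same address as "127.0.0.1".
  const last = nums.pop();
  if (nums.some((n) => n > 0xff)) return null;
  if (last > 2 ** (8 * (4 - nums.length)) - 1) return null;
  let value = last;
  nums.forEach((n, i) => { value += n * 2 ** (8 * (3 - i)); });
  return value;
}

// Private, loopback and link-local IPv4 ranges as [network, prefix length].
const INTERNAL_V4 = [
  ["10.0.0.0", 8], ["127.0.0.0", 8], ["169.254.0.0", 16],
  ["172.16.0.0", 12], ["192.168.0.0", 16],
];

function isPrivateStrict(ip) {
  const addr = parseIPv4(ip);
  if (addr === null) throw new RangeError("not an IPv4 address: " + ip);
  // Compare network prefixes with division to avoid signed 32-bit bit ops.
  return INTERNAL_V4.some(([net, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(addr / size) === Math.floor(parseIPv4(net) / size);
  });
}
```

Malformed text raises an error instead of returning `false`, so a caller cannot mistake an unparsable address for a public one.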