
Comments (10)

usualoma commented on July 28, 2024

Hi @y0d3n

Thanks for the report!
You're right about "Host: example.com/bbb?" too, I think it should be an error.
We will start to fix it immediately.

from node-server.

usualoma commented on July 28, 2024

At the moment, I would like to finalise the following changes.

main...usualoma:node-server:fix-invalid-incoming-request


yusukebe commented on July 28, 2024

I've published the report and requested the CVE number:

GHSA-hgxw-5xg3-69jx


y0d3n commented on July 28, 2024

Oh! I am very happy😆
Thank you very much!


yusukebe commented on July 28, 2024

Hi @Yovach

Thank you for raising the issue.

@usualoma Can you take a look at this?


usualoma commented on July 28, 2024

#160 will also need to be considered together.


usualoma commented on July 28, 2024

I've created #162

#162 would be able to be released immediately in a patch version, as it only suppresses the abnormal termination and does not change the behaviour.

#160 and #161 may have edge cases affected by the change, so it would be better to calm down and fix them in the next minor version.


y0d3n commented on July 28, 2024

Thanks for the quick fix.
Can I request a CVE number for DoS? (Or after the related issue has been resolved?)


usualoma commented on July 28, 2024

And created #163

@y0d3n Thank you for offering. I appreciate it.

> Can I request CVE number for DoS? (Or after the related issue has been resolved?)

It would be good to release a more secure version with #163 first and then promote the update to users.

@yusukebe What do you think?


yusukebe commented on July 28, 2024

Hi @y0d3n

I'm creating the report to request the CVE number for this issue.

