node-forge vulnerability #2

Closed
opened 2018-08-12 19:18:38 +00:00 by Ghost · 4 comments
```
Medium severity vuln found in node-forge@0.6.49, introduced via rsa-compat@1.5.1
    Description: Regular Expression Denial of Service (ReDoS)
    Info: https://snyk.io/vuln/npm:node-forge:20180226
    From: rsa-compat@1.5.1 > node-forge@0.6.49
```

There is a newer version available.
The issue is fixed since Mar 7th, 2018

Owner

Thanks for reporting this.

I looked through the changelog and I don't suspect any breaking change. Have you tested with the latest version? If so, I'd be happy to update and republish. If not, I'll have to wait until I test it.

Owner

As an aside: I recognize your username, so if you're wondering why your account was deleted, it was due to data loss. There was an update to the DigitalOcean interface and it was doing some weird things that caused some confusion... anyway, all the code is back up but about 2 months of comments, accounts, and issues were lost.

Author

I haven't tested this so far. Maybe I'll get to it this weekend.

No worries. May I ask why you switched away from Gitlab for this git server?

Owner

I had a number of maintenance tasks for greenlock so I just updated and tested everything and updated the docs https://git.coolaj86.com/coolaj86/greenlock-express.js

Unfortunately I lost my company and those who took over switched to doing blockchain investment stuff now.

Legally I exclusively own nearly all the code with few exceptions, so now I host it myself. I found gitea to be much easier to set up and use than gitlab (needs ~10mb of RAM, not 4GB of RAM), and it's in golang, so it's what I decided to stick with (and probably never transfer my repos to a company, even my own, again).

Reference: coolaj86/rsa-compat.js#2