Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

doc: add json entry for latest sec vuln #46

Closed
wants to merge 2 commits into from
Closed

doc: add json entry for latest sec vuln #46

wants to merge 2 commits into from

Conversation

mhdawson
Copy link
Member

No description provided.

@mhdawson mhdawson requested a review from sam-github September 29, 2017 20:39
cjihrig
cjihrig approved these changes Sep 29, 2017
View reviewed changes
Copy link
Contributor

@cjihrig cjihrig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with a comment/question.

vuln/core/42.json Outdated
"vulnerable": "8.5.0",
"patched": "^8.6.0",
"ref": "https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/",
"overview": " Node.js version 8.5.0 included a change which caused a security vulnerability in the checks on paths made by some community modules. As a result, an attacker may be able to access file system paths other than those intended. \n\n"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a leading space here and a trailing space. Also, are the \ns significant?

@mhdawson
Copy link
Member Author

mhdawson commented Oct 2, 2017

I put the \ns in as they were in some other ones that I used as an example. @sam-github are they needed ?

vdeturckheim
vdeturckheim approved these changes Oct 2, 2017
View reviewed changes
Copy link
Member

@vdeturckheim vdeturckheim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@mhdawson
Copy link
Member Author

mhdawson commented Oct 2, 2017

Pushed change to address comments

mhdawson added a commit that referenced this pull request Oct 2, 2017
@mhdawson
doc: add json entry for latest sec vuln
24bc2f9 
PR-URL: #46
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Vladimir Kurchatkin <vladimir.kurchatkin@gmail.com>
@mhdawson
Copy link
Member Author

mhdawson commented Oct 2, 2017

Landed as 24bc2f9

@mhdawson mhdawson closed this Oct 2, 2017
patrickm68 added a commit to patrickm68/security-wg-process that referenced this pull request Sep 14, 2023
@patrickm68
doc: add json entry for latest sec vuln
6a04d5c 
PR-URL: nodejs/security-wg#46
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Vladimir Kurchatkin <vladimir.kurchatkin@gmail.com>
mattstern31 added a commit to mattstern31/security-wg-process that referenced this pull request Nov 11, 2023
@mattstern31
doc: add json entry for latest sec vuln
90d4389 
PR-URL: nodejs/security-wg#46
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Vladimir Kurchatkin <vladimir.kurchatkin@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vdeturckheim vdeturckheim vdeturckheim approved these changes

@cjihrig cjihrig cjihrig approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mhdawson @cjihrig @vdeturckheim