Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prototype Override Protection Bypass Vulnerability #461

Closed
drewjenkins opened this issue Aug 23, 2018 · 5 comments
Closed

Prototype Override Protection Bypass Vulnerability #461

drewjenkins opened this issue Aug 23, 2018 · 5 comments
Labels
minor version non-breaking, non-trivial change stale

Comments

@drewjenkins
Copy link

See https://app.snyk.io/test/npm/http-server/0.11.1

Also wrote up an issue on union's github flatiron/union#59

To resolve, wait for union to update their version of qs or remove the dependency
@thornjad
Copy link
Member

thornjad commented Sep 4, 2018

PR submitted to union flatiron/union#61

@BigBlueHat BigBlueHat added the minor version non-breaking, non-trivial change label Sep 18, 2018
@BigBlueHat BigBlueHat mentioned this issue Oct 4, 2018
Merged
@BigBlueHat
Copy link
Member

Just bumped the flatiron/union issue and hopefully that unblocks this issue. However, we do need to address this sooner than later.

@thornjad thornjad mentioned this issue Feb 5, 2019
Merged
@jumoog
Copy link

jumoog commented Mar 6, 2019

"ecstatic": "^3.3.1" 👍

thornjad pushed a commit to thornjad/http-server that referenced this issue Apr 15, 2019
@chill117 @thornjad
Updated dependencies to fix security issues
e1f4ec2 
Removed common-style (deprecated, depends on unpatched packages)

Issue http-party#461
@thornjad thornjad mentioned this issue Apr 19, 2019
Closed
@miherlosev miherlosev mentioned this issue Apr 30, 2019
Closed
@thornjad thornjad mentioned this issue May 2, 2019
Closed
@github-actions
Copy link

This issue has been inactive for 180 days

@github-actions github-actions bot added the stale label Aug 24, 2021
@thornjad
Copy link
Member

This should be fixed as of http-server v13.0.0, please re-open if this is not the case

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
minor version non-breaking, non-trivial change stale
Projects
None yet
Milestone
No milestone
4 participants
@BigBlueHat @jumoog @drewjenkins @thornjad