Dev rejects CVE severity, makes his GitHub repo read-only (www.bleepingcomputer.com)
floofloof@lemmy.ca to Technology@lemmy.ml · English · 5 days ago
SirQuackTheDuck@lemmy.world · 5 days ago

Even worse, the CVE is effectively “if you use the package wrong, you get weird results”.

The affected method has signature `function isPrivate(ip: string): boolean`. Passing in a hex number is not a string, and a method (`toString`) exists for this.