CVE-2022-24434: all versions of the dicer package have a security risk; a solution is needed #5018
Comments
I took a look; busboy's API has changed somewhat, so it needs some changes to ensure compatibility.
@gm3000 I'll do my best: #4977 (comment)
@gm3000 Try upgrading and see: egg3, and then node 14.x+
iblogc pushed a commit to iblogc/egg that referenced this issue Jan 9, 2023
What happens?
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24434
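This is a highest-risk CVE: an attacker can crash node through a form submission, and the root cause, dicer, has this problem in all versions.
The latest egg still references it, so our products that use eggjs cannot pass security review; this serious security issue needs to be resolved.
Minimal reproducible repository
Reproduction steps, error logs and related configuration
Related environment information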