Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CVE-2022-23852] of underlying libexpat #215

Open
Ilmarinen100 opened this issue Jan 31, 2022 · 4 comments
Open

[CVE-2022-23852] of underlying libexpat #215

Ilmarinen100 opened this issue Jan 31, 2022 · 4 comments

Comments

@Ilmarinen100
Copy link

The underlying version of libexpat packaged in node-expat is most likely vulnerable to the vulnerability documented for libexpat < 2.4.4
@astro
Copy link
Collaborator

astro commented Jan 31, 2022

Using an OS with package management, I've always wondered why we vendored libexpat.

@Ilmarinen100
Copy link
Author

Using an OS with package management, I've always wondered why we vendored libexpat.

If only all OSes brought libs like that ... but wait - we might even get fewer security fixes for older devices where nobody updates the OS :D

@hartwork hartwork mentioned this issue Jan 31, 2022
Closed
25 tasks
@hartwork
Copy link

Please note that Expat 2.4.5 with more security fixes has been released by now.

@hartwork hartwork mentioned this issue Feb 19, 2022
Closed
27 tasks
@AudunWA
Copy link

AudunWA commented Feb 23, 2024

Are there any plans to upgrade the bundled libexpat version to latest?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@astro @hartwork @Ilmarinen100 @AudunWA