Node.js third-party modules disclosed on HackerOne: `njwt`...
I would like to report an uninitialized Buffer allocation issue in `njwt`. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed (e.g. from JSON). # Module **module name:** `njwt` **version:** 0.4....
No comments:
Post a Comment