summaryrefslogtreecommitdiff
path: root/lib/web/auth/email
diff options
context:
space:
mode:
authorSheogorath2020-06-27 12:44:20 +0200
committerSheogorath2020-06-27 13:04:54 +0200
commit3cc957a88b3b434edbc9db072c7259d188333c9a (patch)
tree39da8486e8cbfae89d413448da7ddb1be20586fa /lib/web/auth/email
parentc789b71cc3080a242858d30b5711aa7c43d41b2a (diff)
Upgrade LDAP-auth to fix RCE in ldapauth dependency
Synk reported an Remote Code Execution vulnerability for the passport-ldapauth dependency `bunyan`. This RCE is due to wrong command sanitizing but doesn't only affects the executable the libary provides. It has no impact on CodiMD. This patch just updates passport-ldapauth since it's long overdue anyway and to silence annoying security scanners that pretend this is rather critical for us. Reference: https://github.com/trentm/node-bunyan/commit/ea21d75f548373f29bb772b15faeb83e87089746 https://app.snyk.io/vuln/SNYK-JS-BUNYAN-573166
Diffstat (limited to 'lib/web/auth/email')
0 files changed, 0 insertions, 0 deletions