author | Sheogorath | 2020-06-27 12:44:20 +0200 |
---|---|---|
committer | Sheogorath | 2020-06-27 13:04:54 +0200 |
commit | 3cc957a88b3b434edbc9db072c7259d188333c9a (patch) | |
tree | 39da8486e8cbfae89d413448da7ddb1be20586fa /lib/web | |
parent | c789b71cc3080a242858d30b5711aa7c43d41b2a (diff) |

Upgrade LDAP-auth to fix RCE in ldapauth dependency

Snyk reported a Remote Code Execution vulnerability for the
passport-ldapauth dependency `bunyan`. This RCE is due to wrong command
sanitizing but doesn't only affects the executable the library provides.
It has no impact on CodiMD.

This patch just updates passport-ldapauth since it's long overdue anyway
and to silence annoying security scanners that pretend this is rather
critical for us.

Reference:
https://github.com/trentm/node-bunyan/commit/ea21d75f548373f29bb772b15faeb83e87089746
https://app.snyk.io/vuln/SNYK-JS-BUNYAN-573166

Diffstat (limited to 'lib/web')
0 files changed, 0 insertions, 0 deletions