Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

question: how to address security issue reported in CVE-2019-18413 #623

Closed
lalit0024 opened this issue Jun 2, 2020 · 2 comments
Closed

question: how to address security issue reported in CVE-2019-18413 #623

lalit0024 opened this issue Jun 2, 2020 · 2 comments
Labels
type: question Questions about the usage of the library.

Comments

@lalit0024
Copy link

lalit0024 commented Jun 2, 2020
edited

Description

https://github.com//issues/438

The above issue #438 talks about incomplete documentation about a flag "forbidUnknownValues",
which seems already addressed as we can see the mention of this flag in Readme.
Second, there are suggestions to change the default behavior of this flag, That too getting addressed in 1.0 release as per this snippet from the changelog.md.

0.8.4

Features

  • ValidatorOptions now has a forbidUnknownValues key to prevent unknown objects to pass validation
    • it's highly advised to turn this option on
    • now this option defaults to false but will be default to true after the 1.0 release

Why we need #438 if everything is getting addressed. Because 438 also have an entry https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18413 , All the corporate scanning tools are not allowing this library to be used and creating a lot of problems.

Owners I request you to please close #438 and this issue as well as a result of that.
@lalit0024 lalit0024 changed the title How to address issue hanging #438 How to address hanging issue #438 Jun 2, 2020
@NoNameProvided NoNameProvided added the type: question Questions about the usage of the library. label Dec 9, 2022
@NoNameProvided NoNameProvided changed the title How to address hanging issue #438 question: how to address security issue reported in CVE-2019-18413 Dec 13, 2022
@NoNameProvided
Copy link
Member

Tracked in #1422.

@github-actions
Copy link

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 12, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type: question Questions about the usage of the library.
Milestone
No milestone
Development

No branches or pull requests
2 participants
@NoNameProvided @lalit0024