-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Recent Security Concerns - CVE-2024-21521 #158
Comments
My apologies. I just saw the pull request that was pulled under a different title. I'll be closing this. |
Keep in mind that the CVE is in no way a "major vulnerability". Its the second time we get a CVE, that, imo, is ranked very inaccurately, and I've opened a PR for that on their side. The "vulnerability" is you, the developer, passing in wrong data when constructing the encoder, causing a crash - something that you'd spot and fix in 5 minutes tops. |
Issue description
Due to the recent major security vulnerability reported with all versions of @discordjs/opus, are there any plans to release a fix for this? With the project not having a released update in almost two years, I was hoping to get clarification on this, and make sure it's not just abandoned by the developers.
If this has already been discussed or is planned, my apologies. I couldn't find anything recent from this project about it. (The issue is also fairly new, so I understand that it may take time for this to be figured out).
Code sample
No response
Versions
@discordjs/opus - All versions
Issue priority
High (immediate attention needed)
The text was updated successfully, but these errors were encountered: