Recent Security Concerns - CVE-2024-21521 #158
Labels
bug
Something isn't working
Comments
|
My apologies. I just saw the pull request that was pulled under a different title. I'll be closing this. |
1 task
|
Keep in mind that the CVE is in no way a "major vulnerability". Its the second time we get a CVE, that, imo, is ranked very inaccurately, and I've opened a PR for that on their side. The "vulnerability" is you, the developer, passing in wrong data when constructing the encoder, causing a crash - something that you'd spot and fix in 5 minutes tops. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue description
Due to the recent major security vulnerability reported with all versions of @discordjs/opus, are there any plans to release a fix for this? With the project not having a released update in almost two years, I was hoping to get clarification on this, and make sure it's not just abandoned by the developers.
If this has already been discussed or is planned, my apologies. I couldn't find anything recent from this project about it. (The issue is also fairly new, so I understand that it may take time for this to be figured out).
Code sample
No response
Versions
@discordjs/opus - All versions
Issue priority
High (immediate attention needed)
The text was updated successfully, but these errors were encountered: