Critical severity vulnerability was found in npm nodebb (npm) .

Impact

Incorrect logic present in the token verification step unintentionally allowed master token access to the API.

Patches

The vulnerability has been patch as of v1.18.5.

Workarounds

Cherry-pick commit hash 04dab1d550cdebf4c1567bca9a51f8b9ca48a500 to receive this patch in lieu of a full upgrade.

References


Courtesy:https://github.com/advisories/GHSA-hf2m-j98r-4fqw

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *