-
Notifications
You must be signed in to change notification settings - Fork 510
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security - CRITICAL - Unsafe dynamic method access #471
Comments
The link returns a 404. |
Our project use zip.js lib, and a security scan return this alert. |
This line of code is related to the legacy version of zip.js. It can only be found in the previous version of the documentation, see https://github.com/gildas-lormeau/zip.js/blob/gh-pages/old-docs/demos/z-worker.js#L45. This code is not used in the current version of zip.js. To solve this problem, you could retrieve only the master branch of zip.js in your project and ignore the branch gh-pages which is used for documentation purposes only. Alternatively, if you're using the old version of zip.js then it has to be updated to the new version because the old version is not maintained anymore. |
ok thanks. I will upgrade. Do you know from wich version of zip.js this code come from ? https://raw.githubusercontent.com/mviewer/mviewer/master/demo/addons/fileimport/lib/zip.js |
This is the old version of zip.js. FYI, here is the last commit of this version: https://github.com/gildas-lormeau/zip.js/tree/3e7920810f63d5057ef6028833243105521da369. |
Ok Thanks. Weird to have too old lib (external contribution)... need real update of zip.js in my project. |
You're welcome! Kenavo |
Hi,
According to CodeQL scan, z-worker return a CRITICAL issue.
See https://github.com/mviewer/mviewer/security/code-scanning/23 to get more details.
The text was updated successfully, but these errors were encountered: