[x3d-public] A new security advisory on mongodb affects 3 of your repositories

John Carlson yottzumm at gmail.com
Sat Sep 5 01:45:55 PDT 2020


I patched these advisories, but did not test any code.  The main problem I
saw was *kerberos* could have its calls redirected if a similar package
with a different path was installed on the path (or linker path).

If you use/fork these repositories, let me know, and I will do additional
testing:

https://github.com/coderextreme/x3djson/
https://github.com/coderextreme/x3dmongo/
https://github.com/coderextreme/X3DJSONTOD3/

Thanks!

John




On Fri, Sep 4, 2020 at 1:07 PM John Carlson <yottzumm at gmail.com> wrote:

>
> Fed:
>
>
> There is an issue with the mongodb dependency in three of my repositories.
> I may get to them tonight. If you’d like to prioritize which
> repository comes first, contact me.
>
> This probably can be a big warning for those using an old version of
> mongodb.
>
> John
>
>
> ---------- Forwarded message ---------
> From: GitHub <noreply at github.com>
> Date: Fri, Sep 4, 2020 at 1:49 AM
> Subject: A new security advisory on mongodb affects 3 of your repositories
> To: John Carlson <yottzumm at gmail.com>
>
> A new security advisory was published
>
> We found a vulnerable dependency in repositories you have security alert
> access to.
>
> Security advisory GHSA-mh5c-679w-hh4r <https://github.com/advisories/GHSA-mh5c-679w-hh4r> (high severity) affects 3 repositories:
>
> mongodb (npm) used in 3 repositories
>
> coderextreme/x3djson
> View alert <https://github.com/coderextreme/x3djson/network/alert/package-lock.json/mongodb/open>
>
> coderextreme/X3DJSONTOD3
> View alert <https://github.com/coderextreme/X3DJSONTOD3/network/alert/package.json/mongodb/open>
>
> coderextreme/x3dmongo
> View alert <https://github.com/coderextreme/x3dmongo/network/alert/package.json/mongodb/open>
>