Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE @xmldom/xmldom <0.8.4 #7998

Closed
fantuan2367 opened this issue Nov 10, 2022 · 1 comment · Fixed by #8010 · May be fixed by funi-main/videojs-sprite-thumbnails#2
Closed

CVE @xmldom/xmldom <0.8.4 #7998

fantuan2367 opened this issue Nov 10, 2022 · 1 comment · Fixed by #8010 · May be fixed by funi-main/videojs-sprite-thumbnails#2
Labels
bug

Comments

@fantuan2367
Copy link

Description

Xmldom requried by video.js has reported a new CVE.

Reduced test case

GHSA-crh6-fp67-6883

Steps to reproduce

GHSA-crh6-fp67-6883

Errors

No response

What version of Video.js are you using?

7.21.0

Video.js plugins used.

No response

What browser(s) including version(s) does this occur with?

Chrome 107

What OS(es) and version(s) does this occur with?

Windows 10
@fantuan2367 fantuan2367 added bug needs: triage This issue needs to be reviewed labels Nov 10, 2022
@welcome
Copy link

welcome bot commented Nov 10, 2022

👋 Thanks for opening your first issue here! 👋

If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.
To help make it easier for us to investigate your issue, please follow the contributing guidelines.

gkatsev added a commit that referenced this issue Nov 21, 2022
@gkatsev
fix: update @videojs/http-streaming to 2.15.1
55843b6 
Fixes #7998, fixes #7958.
@gkatsev gkatsev mentioned this issue Nov 21, 2022
Merged
gkatsev added a commit that referenced this issue Nov 21, 2022
@gkatsev
fix: update @videojs/http-streaming to 2.15.1 (#8010)
1c2be96 
Fixes #7998, fixes #7958.
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 23, 2023
@misteroneill misteroneill removed the needs: triage This issue needs to be reviewed label Mar 28, 2023
edirub pushed a commit to edirub/video.js that referenced this issue Jun 8, 2023
@gkatsev @edirub
fix: update @videojs/http-streaming to 2.15.1 (videojs#8010)
1c511e1 
Fixes videojs#7998, fixes videojs#7958.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
2 participants
@misteroneill @fantuan2367