This repository was archived by the owner on Dec 4, 2023. It is now read-only.

Security Vulnerability in therubyracer-0.12.3 #460

Closed
Bkahler opened this issue Oct 21, 2020 · 2 comments

Bkahler commented Oct 21, 2020

My team runs a series of continuous security scans against our dependencies, and in September, this issue was surfaced:

"The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage 'type confusion.'"

Specifically, this issue was identified in dradis-dradis-3.1.0.rc2-linux-x86. The fix would be to upgrade to version 4.2.69 of dradis.

Are there any plans for a new version which might address this issue?


chadbrewbaker commented Nov 30, 2020

This gem is crimping my style on arm64 awslinux2 rvm ruby 2.5.1. Hardcoded x86 in the old v8 version. Would bumping libv8 do the trick for you?

lloeki (Contributor) commented Dec 4, 2023

Sorry but this gem is unmaintained, so I will close this issue.

We recommend going with mini_racer + libv8-node. If you feel the issue is still relevant to either of those, please open an issue over there!

lloeki closed this as completed Dec 4, 2023