Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-02-16 11:37:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: update validator dep. to get fix for CVE-2025-56200

Browse Source 
https://nvd.nist.gov/vuln/detail/CVE-2025-56200
This commit is contained in:
Barış Soner Uşaklı
2025-11-20 09:02:17 -05:00
parent 12dab84914
commit af477d0c2d
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
install/package.json
View File

@@ -148,7 +148,7 @@
"toobusy-js": "0.5.1", "toobusy-js": "0.5.1",
"tough-cookie": "6.0.0", "tough-cookie": "6.0.0",
"undici": "^7.10.0", "undici": "^7.10.0",
"validator": "13.15.15", "validator": "13.15.23",
"webpack": "5.102.0", "webpack": "5.102.0",
"webpack-merge": "6.0.1", "webpack-merge": "6.0.1",
"winston": "3.17.0", "winston": "3.17.0",

8
test/user/custom-fields.js
View File

@@ -88,6 +88,14 @@ describe('custom user fields', () => {
{ message: '[[error:custom-user-field-invalid-link, Website]]' }, { message: '[[error:custom-user-field-invalid-link, Website]]' },
); );
await assert.rejects(
user.updateProfile(highRepUid, {
uid: highRepUid,
website: 'javascript:alert("xss")',
}),
{ message: '[[error:custom-user-field-invalid-link, Website]]' },
);
await assert.rejects( await assert.rejects(
user.updateProfile(highRepUid, { user.updateProfile(highRepUid, {
uid: highRepUid, uid: highRepUid,