MEDIUM
GHSA-2944-57xv-2682
@asymmetric-effort/specifyjs: `data:` URI allowed without size restriction
상세
## Finding
**Location**: `core/src/shared/secure-fetch.ts:33-35`
`data:` URIs were allowed without any restriction. While `data:` URIs don't make network requests, they can be used for memory exhaustion via very large data URIs.
## Status
**Fixed in v0.2.136** — `data:` URIs are now limited to 1MB. URIs exceeding this limit throw an error.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
npm / @asymmetric-effort/specifyjs
최초 영향 버전:
0 수정 버전: 0.2.136 수정
npm install @asymmetric-effort/specifyjs@0.2.136