Html.Exploit.CVE_2016_3198-1
qLb opened this issue · 1 comments
qLb commented
Yesterday I scanned a whole bunch of archives (unpacked) for sec issues with clamav and guess what it found?
Html.Exploit.CVE_2016_3198-1 FOUND:
bower_components/google-caja/ses-single-frame.js
infected package's bower.json shows:
{
  "description": "Google Caja HTML Sanitizer",
  "homepage": "https://github.com/minrk/google-caja-bower",
  "ignore": [
    "git-svn-revision",
    "tasks.py"
  ],
  "keywords": [
    "sanitization"
  ],
  "license": "Apache 2.0",
  "name": "google-caja",
  "version": "6005.0.0"
}
false positive?
metaweta commented
Yes; please report it here:
https://www.clamav.net/reports/fp
On Sat, Dec 10, 2016 at 11:48 AM, qLb ***@***.***> wrote:
Yesterday I scanned a whole bunch of archives (unpacked) for sec issues with clamav and guess what it found?
*Html.Exploit.CVE_2016_3198-1 FOUND*:
bower_components/google-caja/ses-single-frame.js
infected package's bower.json shows:
{
  "description": "Google Caja HTML Sanitizer",
  "homepage": "https://github.com/minrk/google-caja-bower",
  "ignore": [
    "git-svn-revision",
    "tasks.py"
  ],
  "keywords": [
    "sanitization"
  ],
  "license": "Apache 2.0",
  "name": "google-caja",
  "version": "6005.0.0"
}
false positive?
--
Mike Stay - metaweta@gmail.com
http://www.cs.auckland.ac.nz/~mike
http://reperiendi.wordpress.com