Pako and CVE-2018-25032 vulnerability
alex3683 opened this issue · comments
Alex commented
I'm using pako in version 1.0.11 via jszip and wanted to know, whether this is affected by CVE-2018-25032 or not. I'm unsure whether by design JavaScript is not vulnerable to such an attack but wanted to make sure.
Vitaly Puzrin commented
JS does not allows out of bounds writes.
Alex commented
Ok, thanks for clarification.