
DoS attack vulnerability


Expected Behavior

Jimp.read promise should be rejected in case of errors.

Current Behavior

Jimp.read throws an error when provided a site with an infinite redirect. This can be used to take an app down.

Failure Information (for bugs)

An uncaught exception is thrown inside Jimp.

Steps to Reproduce

Step 1. Run this code and see what happens:

var Jimp = require('jimp');

Jimp.read('https://infinity.👋🏼.ml').then(async (image) => {
  // Code is not necessary here
}).catch((e) => {
  console.error(e);
});

infinity.👋🏼.ml is a site with an infinite redirect.

Screenshots

No screenshots

Context

  • Jimp Version: 0.16.1
  • Operating System: Linux
  • Node version: 14.15.5

Failure Logs

TypeError: Cannot read property 'toLowerCase' of null
    at phin (/tmp/node_modules/phin/lib/phin.compiled.js:1:744)
    at module.exports (/tmp/node_modules/@jimp/core/dist/request.js:44:5)
    at loadFromURL (/tmp/node_modules/@jimp/core/dist/index.js:104:27)
    at /tmp/node_modules/@jimp/core/dist/index.js:111:14
    at /tmp/node_modules/@jimp/core/dist/request.js:48:9
    at IncomingMessage.<anonymous> (/tmp/node_modules/phin/lib/phin.compiled.js:1:2100)

Issue Analytics

  • State: open
  • Created 2 years ago
  • Comments: 11

Top GitHub Comments

Explosion-Scratch commented, May 9, 2021 (1 reaction)

@oliver-moran Please look at/review this PR!

Sly-Little-Fox commented, Nov 18, 2021 (0 reactions)

Actually, it looks like this has been fixed in Phin. I'm not fully sure of that, though, so I will keep the issue open.

