1.8.1

@kravets-levko kravets-levko released this 15 Feb 18:08
· 42 commits to main since this release
340a63a

This is a security release which addresses issues with library dependencies.

https://github.com/databricks/databricks-sql-nodejs/security/dependabot/34

An issue in all published versions of the NPM package ip allows an attacker to execute arbitrary code and
obtain sensitive information via the isPublic() function. This can lead to potential Server-Side Request
Forgery (SSRF) attacks. The core issue is the function's failure to accurately distinguish between
public and private IP addresses.
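
As a defensive illustration of the public/private distinction described above, the following added example (not code from this release, from databricks-sql-nodejs, or from the `ip` package) shows an SSRF guard that fails closed: it accepts only canonical dotted-decimal IPv4 and treats everything else as not public. The function names, the range list and the sample inputs are constructed for this example; IPv6 is out of scope and is rejected.

```javascript
'use strict';
// Added example; NON_PUBLIC, parseStrictIPv4 and isPublicIPv4 are hypothetical names.
// Non-public IPv4 ranges as [network, prefix length], chosen for this example.
const NON_PUBLIC = [
  ['0.0.0.0', 8],        // "this network"
  ['10.0.0.0', 8],       // RFC 1918 private
  ['100.64.0.0', 10],    // carrier-grade NAT
  ['127.0.0.0', 8],      // loopback
  ['169.254.0.0', 16],   // link-local
  ['172.16.0.0', 12],    // RFC 1918 private
  ['192.0.0.0', 24],     // IETF protocol assignments
  ['192.0.2.0', 24],     // documentation
  ['192.168.0.0', 16],   // RFC 1918 private
  ['198.18.0.0', 15],    // benchmarking
  ['198.51.100.0', 24],  // documentation
  ['203.0.113.0', 24],   // documentation
  ['224.0.0.0', 3],      // multicast and reserved, up to 255.255.255.255
];

// Accept only four decimal octets (0-255) with no leading zeros.
// Returns the address as an unsigned 32-bit number, or null if not canonical.
function parseStrictIPv4(text) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(text);
  if (!m) return null; // hex, short forms, bare integers, IPv6, whitespace
  let value = 0;
  for (const part of m.slice(1)) {
    if (part.length > 1 && part[0] === '0') return null; // ambiguous octal
    const octet = Number(part);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// Fail closed: an address is public only if it parses strictly
// and falls outside every listed range.
function isPublicIPv4(text) {
  const addr = parseStrictIPv4(text);
  if (addr === null) return false;
  return !NON_PUBLIC.some(([net, bits]) => {
    const base = parseStrictIPv4(net);
    return addr >= base && addr < base + 2 ** (32 - bits);
  });
}

// Constructed sample inputs: canonical, loopback and non-canonical spellings.
for (const host of ['8.8.8.8', '127.0.0.1', '0x7f.1', '0177.0.0.1', '127.1']) {
  console.log(host, isPublicIPv4(host) ? 'public' : 'blocked');
}
```

A check like this belongs on the address the socket actually connects to, after DNS resolution, rather than only on the hostname string supplied by the caller.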