Commit

Merge pull request #787 from snyk/fix/mitigate-ws-header-dos-vuln
fix: mitigate vuln SNYK-JS-WS-7266574
aarlaud authored Jun 27, 2024
2 parents 3ddb822 + a2190b1 commit ff86e4e
Showing 2 changed files with 6 additions and 0 deletions.
5 changes: 5 additions & 0 deletions .snyk
Expand Up @@ -12,4 +12,9 @@ ignore:
reason: No fix from RHEL available
expires: 2024-05-14T11:13:13.154Z
created: 2024-05-07T11:13:13.157Z
SNYK-JS-WS-7266574:
- '*':
reason: Mitigated in code
expires: 2024-07-26T21:59:20.738Z
created: 2024-06-26T21:59:20.744Z
patch: {}
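Review bot: The new ignore entry for SNYK-JS-WS-7266574 uses the '*' path with the reason "Mitigated in code", which suppresses the finding on every dependency path without saying where the mitigation lives. Suggest naming it in the reason (the server.maxHeadersCount setting in lib/common/http/webserver.ts) so whoever handles the 2024-07-26 expiry can check it is still in place, and confirming that no other HTTP server in the project reaches ws without that setting, since the wildcard would hide it. The one-month expiry is sensible; tracking the ws upgrade alongside it would let the ignore be removed rather than renewed.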
1 change: 1 addition & 0 deletions lib/common/http/webserver.ts
Expand Up @@ -80,6 +80,7 @@ export const webserver = (config, altPort: number) => {
},
app,
);
server.maxHeadersCount = 0; // fix https://security.snyk.io/vuln/SNYK-JS-WS-7266574
server.requestTimeout = process.env.BROKER_WEBSERVER_REQUEST_TIMEOUT
? parseInt(process.env.BROKER_WEBSERVER_REQUEST_TIMEOUT)
: 600000;
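Review bot: `server.maxHeadersCount = 0` on the added line removes Node's limit on the number of request headers rather than tightening it (0 means no limit is applied), and the inline comment only says "fix" plus a URL. Suggest expanding the comment to state that 0 is deliberate as the workaround for this advisory and that total header size remains the bound, so a later reader does not "correct" it to a positive value. A test asserting this value on the server returned by webserver() would also keep the mitigation from being dropped silently while the .snyk ignore is in effect.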