Forum Replies Created
Hi Yigit,
thanks for your information. We will check how we can disable/remove this item.
Best Regards,
Tom

Hi Günter,
Thanks for coming back on this.
It’s good to put this on the dev map, but as this is a Vulnerability CVE we wonder if this feature should not be removed from code by now and added again when it is resolved? Leaving this open door for DOS seems not to be a good idea IMHO.
Best Regards, Tom

Hi Rikard,
we are running Version 6.0.4 currently. It seems that there is 6.0.6 out now.
As it is hard to find out what version is used, we found these comments inside dotlottie-player.js:
/*!JSZip v3.6.0 – A JavaScript class for generating and reading zip files
<http://stuartk.com/jszip>
(c) 2009-2016 Stuart Knightley <stuart [at] stuartk.com>
Dual licenced under the MIT license or GPLv3. See https://raw.github.com/Stuk/jszip/master/LICENSE.markdown.
JSZip uses the library pako released under the MIT license :
https://github.com/nodeca/pako/blob/master/LICENSE
*/
!function(e){t.exports=e()}((function(){return function t(e,r,i){function n(a,o){if(!r[a]){if(!e[a]){var h="function"==typeof commonjsRequire&&commonjsRequire;if(!o&&h)return h(a,!0);if(s)return s(a,!0);var l=new Error("Cannot find module '"+a+"'");throw l.code="MODULE_NOT_FOUND",l}var p=r[a]={exports:{}};e[a][0].call(p.exports,(function(t){var r=e[a][1][t];return n(r||t)}),p,p.exports,t,e,r,i)}return r[a].exports}for(var s="function"==typeof commonjsRequire&&commonjsRequire,a=0;a<i.length;a++)n(i[a]);return n}({1:[function(t,e,r){(function(i){
/*!JSZip v3.5.0 – A JavaScript class for generating and reading zip files
<http://stuartk.com/jszip>
(c) 2009-2016 Stuart Knightley <stuart [at] stuartk.com>
Dual licenced under the MIT license or GPLv3. See https://raw.github.com/Stuk/jszip/master/LICENSE.markdown.
JSZip uses the library pako released under the MIT license :
https://github.com/nodeca/pako/blob/master/LICENSE
*/
Best Regards
Tom

Hi,
is it possible that this did not happen?
It seems that 3.6 is still in the code instead of 3.10, or am I wrong?
Best, Tom
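
The banner check from the posts above (reading the "JSZip vX.Y.Z" comments out of dotlottie-player.js), as an added example that is not part of the original posts or of any project's code: it lists every banner in a bundle and flags versions below a minimum, comparing numerically so that 3.10 ranks above 3.6. The sample bundle text is constructed, and the 3.10.0 threshold is an assumption taken from the last post.

```javascript
// Added example: find "/*! Name vX.Y.Z" banners in a bundled script and flag old ones.

// Constructed sample standing in for a bundle such as dotlottie-player.js;
// the two banners mirror the ones quoted in the posts above.
const SAMPLE_BUNDLE = [
  '/*!JSZip v3.6.0 - A JavaScript class for generating and reading zip files',
  '*/',
  '!function(e){t.exports=e()}(function(){/* minified code elided */});',
  '/*! JSZip v3.5.0 - A JavaScript class for generating and reading zip files',
  '*/',
].join('\n');

// Assumption: 3.10.0 is the version the thread expected to find; it is used
// here only as the threshold for the demo.
const MINIMUMS = new Map([['JSZip', '3.10.0']]);

// Compare dotted versions numerically, so that 3.10.0 > 3.6.0
// (a plain string comparison would order them the other way round).
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff < 0 ? -1 : 1;
  }
  return 0;
}

// Return every banner found: library name, version and 1-based line number.
function findBanners(source) {
  const re = /\/\*!\s*([A-Za-z][\w.-]*)\s+v(\d+(?:\.\d+){1,3})/g;
  const found = [];
  for (const m of source.matchAll(re)) {
    const line = source.slice(0, m.index).split('\n').length;
    found.push({ name: m[1], version: m[2], line });
  }
  return found;
}

// Keep only banners whose version is below the configured minimum.
function findOutdated(source, minimums) {
  return findBanners(source).filter((b) => {
    const min = minimums.get(b.name);
    return min !== undefined && compareVersions(b.version, min) < 0;
  });
}

for (const b of findOutdated(SAMPLE_BUNDLE, MINIMUMS)) {
  console.log(`${b.name} ${b.version} (line ${b.line}) is below ${MINIMUMS.get(b.name)}`);
}
```

A bundle can embed the same library more than once, as the two banners in the post show, so every match is reported rather than only the first.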