USN-6082-1: EventSource vulnerability
17 May 2023
EventSource could leak sensitive information if it opened a specially crafted input file.
- node-eventsource - EventSource client for Node.js and Browser (polyfill)
It was discovered that EventSource incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to obtain
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.