Commit a900f96

Fixes security CVE-2022-23529 in the Shapes server.
Signed-off-by: Exadra37 <[email protected]>
1 parent 94cbc58 commit a900f96

4 files changed: +117 -817 lines changed

servers/shapes-api/README.md

+2-5
@@ -58,10 +58,7 @@ The token binding in an Approov token is the one in the `pay` key:
5858
"pay":"f3U2fniBJVE04Tdecj0d6orV9qT9t52TjfHxdUqDBgY="
5959
```
6060

61-
**ALERT**:
62-
63-
Please bear in mind that the token binding is not meant to pass application data
64-
to the API server.
61+
> **ALERT**: Please bear in mind that the token binding is not meant to pass application data to the API server.
6562
6663
## SYSTEM CLOCK
6764
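Review bot: The ALERT rewrite at README lines 61-64 (collapsed into one blockquote line at 61) is a formatting-only change and is unrelated to the CVE-2022-23529 fix named in the commit message. Consider moving it to its own commit so the security fix can be reviewed and backported without documentation changes mixed in.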

@@ -157,7 +154,7 @@ require('dotenv').config()
157154
```js
158155
// file: approov-protected-server.js
159156

160-
const jwt = require('express-jwt')
157+
const { expressjwt: jwt } = require('express-jwt')
161158
const crypto = require('crypto')
162159
```
163160
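Review bot: The README snippet at line 157 now destructures the named export `expressjwt`, but nothing in the visible text says which express-jwt version the snippet requires. State the minimum version next to this snippet, because on an install that still exposes the middleware as the default export the destructuring yields `undefined` and the first `jwt(...)` call fails.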

servers/shapes-api/approov-protected-server.js

+1-1
@@ -1,5 +1,5 @@
11
const debug = require('debug')('approov-protected-server')
2-
const jwt = require('express-jwt')
2+
const { expressjwt: jwt } = require('express-jwt')
33
const crypto = require('crypto')
44
const config = require('./configuration')
55
const https = require('https')
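Review bot: Only the require on line 2 changes in this hunk, yet moving to the named `expressjwt` export goes with a major-version upgrade of express-jwt whose middleware behaves differently from the default-export versions. Please confirm that the `jwt({...})` call sites in this file pass an explicit `algorithms` list and that handlers read the decoded claims from `req.auth` rather than `req.user`, since neither is visible in this diff.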
