Uploaded image for project: 'Node.js Driver'
  1. Node.js Driver
  2. NODE-6265

kerberos.js misses Spectre mitigation and control flow guard flags

XMLWordPrintableJSON

    • 1
    • 1
    • Not Needed
    • Not Needed
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?

      BinSkim (a Microsoft binary analyzer) has identified that kerberos.js is missing Spectre mitigation and control flow guard flags.

       

      Spectre mitigation docs: https://learn.microsoft.com/en-us/cpp/build/reference/qspectre?view=msvc-170

      Control flow guard docs: https://learn.microsoft.com/en-us/cpp/build/reference/guard-enable-guard-checks?view=msvc-170

       

      This issue affects the compliance of Visual Studio Code downstream and the general security of the binary, and is a continuation of https://github.com/mongodb-js/kerberos/pull/158.

            Assignee:
            aditi.khare@mongodb.com Aditi Khare (Inactive)
            Reporter:
            raymondzhao@microsoft.com Raymond Zhao
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: