Skip to content

Commit

Permalink
Fixed livestreaming issue introduced by CVE-2023-46809 in Node.js
Browse files Browse the repository at this point in the history
  • Loading branch information
bropat committed Mar 7, 2024
1 parent 1bf4929 commit b8591dc
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 19 deletions.
4 changes: 4 additions & 0 deletions eufy-security-ws/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.8.0-2

- Fixed livestreaming issue introduced by CVE-2023-46809 in Node.js ([#310](https://github.com/bropat/eufy-security-ws/issues/310))

## 1.8.0-1

- Fixed livestreaming issue introduced by CVE-2023-46809 in Node.js ([#310](https://github.com/bropat/eufy-security-ws/issues/310))
Expand Down
2 changes: 1 addition & 1 deletion eufy-security-ws/config.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
name: eufy-security-ws
description: Allows you to control Eufy security devices over websocket by connecting to the Eufy cloud servers and local/remote stations
version: 1.8.0-1
version: 1.8.0-2
slug: "eufy_security_ws"
url: https://github.com/bropat/hassio-eufy-security-ws
init: false
Expand Down
19 changes: 1 addition & 18 deletions eufy-security-ws/run.sh
Original file line number Diff line number Diff line change
Expand Up @@ -104,26 +104,9 @@ check_version() {
return 0 # lower
}

node_version=$(node -v)
node_result=0
if [ "${node_version:1:2}" = "18" ]; then
check_version "v18.19.1" "$node_version"
node_result=$?
elif [ "${node_version:1:2}" = "20" ]; then
check_version "v20.11.1" "$node_version"
node_result=$?
else
check_version "v21.6.2" "$node_version"
node_result=$?
fi
WORKAROUND_ISSUE_310=""
if [ $node_result -gt 0 ]; then
WORKAROUND_ISSUE_310="--security-revert=CVE-2023-46809"
fi

if bashio::config.has_value 'username' && bashio::config.has_value 'password'; then
echo "$JSON_STRING" > $CONFIG_PATH
exec /usr/bin/node $WORKAROUND_ISSUE_310 $IPV4_FIRST_NODE_OPTION /usr/src/app/node_modules/eufy-security-ws/dist/bin/server.js --host 0.0.0.0 --config $CONFIG_PATH $DEBUG_OPTION $PORT_OPTION
exec /usr/bin/node --security-revert=CVE-2023-46809 $IPV4_FIRST_NODE_OPTION /usr/src/app/node_modules/eufy-security-ws/dist/bin/server.js --host 0.0.0.0 --config $CONFIG_PATH $DEBUG_OPTION $PORT_OPTION
else
echo "Required parameters username and/or password not set. Starting aborted!"
fi
Expand Down

0 comments on commit b8591dc

Please sign in to comment.