Security update: CVE-2014-1403 - additional patch

Øyvind Sean Kinsey

Jan 19, 2014, 1:19:44 PM
to easyxdm,
Please note that the initial fix contained a flaw, which has since been updated. To make sure you are properly protected, use either master, or the download.

Apologies for not catching this initially, and thanks to the security researcher Krzysztof Kotowicz for noticing.


On Sat, Jan 18, 2014 at 2:18 PM, Øyvind Sean Kinsey <> wrote:
An update has been made to easyXDM to remove a potential vulnerability.
You can find the release on

Please update easyxdm.min.js, name.html, or both as soon as possible in order to mitigate possible attack vectors.

I would also like to remind you that you should never expose the full content of the distributed zip file, as the examples are not fully vetted and might expose you to unwanted risk.

