Impact
Due to improper error handling, an authenticated user can crash a CLA assistant instance.
This could impact the availability of the application.
Patches
The issue has been fixed in version v2.13.0.
Workarounds
If you can't apply the patch, you can temporarily disable the Node.js default behavior of exiting on unhandled rejections by using the --unhandled-rejections=warn Node.js CLI option or the NODE_OPTIONS="--unhandled-rejections=warn" environment variable.
Impact on cla-assistant.io
The hosted offering on cla-assistant.io performs an automatic restart on error and thus was not impacted.
Credits
A very big thanks to Teo Klestrup Röijezon (teo.roijezon@stackable.de) for responsibly disclosing this bug to us.