Aspose.Slides for Node.js and Vulnerability Errors (CVE-2021-23358, CVE-2023-20569)

vigneshpmmc200 · February 21, 2024, 12:45pm

We are trying to deploy Aspose.slides.via.java in deocker and we are getting the following SysDig vulnerability error:

CVE-2021-23358 2021-03-29 High v1.12.1 underscore 1.4.4

CVE-2023-20569 2023-08-08 High linux-libc-dev

andrey.potapov · February 21, 2024, 3:45pm

@vigneshpmmc200,
Thank you for contacting support.

To investigate the case, we need more details. Could you please describe step by step how to reproduce the errors you encountering?

vigneshpmmc200 · February 21, 2024, 4:15pm

Hi ,
We are installing node-java and build-essential as mentioned in this link How to Create a Docker Image to Run Aspose.Cells for Node.js via Java

But node-java has a dependency on underscore 1.4.4 and has vulnerability and CID pipeline is failing during vulnerability scan

andrey.potapov · February 21, 2024, 4:29pm

@vigneshpmmc200,
Thank you for the additional information. I am working on the issue and will get back to you soon.

vigneshpmmc200 · February 21, 2024, 4:58pm

@andrey.potapov Is the npm package node-java dependency for Apose.slides.via.java mandatory for aspose to work correctly

andrey.potapov · February 22, 2024, 3:16am

@vigneshpmmc200,
Thank you for the question and your patience, I will get back to you as soon as possible.

andrey.potapov · February 22, 2024, 3:54am

@vigneshpmmc200,
The article you mentioned above is related to Aspose.Cells for Node.js. It looks like you are trying to create a Docker container for Aspose.Slides for Node.js using that tutorial for Aspose.Cells for Node.js. Could you please confirm?

vigneshpmmc200 · February 22, 2024, 4:20am

Yes you are right and also in this article Installation|Aspose.Slides for Node.js Documentation
it says that node-java is required to be installed for Aspose.sides.via.java.

If I remove that node-java installation step will the aspose library work?
I am using:
Node : 18x
Python: 3x

andrey.potapov · February 22, 2024, 4:51am

@vigneshpmmc200,
We have opened the following new ticket(s) in our internal issue tracking system and will consider your questions according to the terms mentioned in Free Support Policies.

Issue ID(s): SLIDESNODEJS-53

You can obtain Paid Support Services if you need support on a priority basis, along with the direct access to our Paid Support management team.

andrey.potapov · February 22, 2024, 4:03pm

@vigneshpmmc200,
Our developers have investigated the case.

This link is related to Aspose.Cells. It looks like this code should work with Aspose.Slides for Node.js via Java as well, but you should change the following line RUN npm install -g node-java to RUN npm install -g java.

Please pay attention that point number 4 in the list that sound like this:

Install node-java bridge. You can run these commands in terminal.

But in the commands associated with this point number 4 you can see the following line npm install java.

As we now see, there is a typo in this article.

To be clear, we do not have a dependency on node-java (this is a typo). You should install the java package instead of node-java.

We have corrected the article accordingly.