kerberos is a Node.js library that provides Kerberos authentication, which is essential for secure network communication and authentication in enterprise environments. Version 0.0.9 brings one notable change compared to its predecessor, version 0.0.8: the dependency on the "nan" package, a tool for writing native Node.js addons. Version 0.0.9 upgrades this dependency to "nan" version 1.6.2, while version 0.0.8 relies on the older 1.5.1.
This "nan" upgrade is significant. "nan" ensures compatibility across different Node.js versions, handling the intricacies of the Node.js ABI (Application Binary Interface). The newer "nan" version likely incorporates fixes and improvements that enhance the stability and compatibility of kerberos with more recent Node.js releases. Developers should note this, especially if they are using newer Node.js versions, as the upgrade may resolve potential build or runtime issues encountered with the older version. Both versions share the same core functionality, description, repository, license and author.
For developers considering the 'kerberos' package, the choice between versions 0.0.8 and 0.0.9 hinges on their specific Node.js environment. If using a newer Node.js version, version 0.0.9 with its updated "nan" dependency is the recommended choice for better overall stability. This Kerberos library, released under the Apache 2.0 license, allows you to add Kerberos authentication to your JavaScript applications.
Known vulnerabilities affecting version 0.0.9 of the package
DLL Injection in kerberos
Versions of kerberos prior to 1.0.0 are vulnerable to DLL injection. The package loads DLLs without specifying a full path. This may allow attackers to place a file with the same name in a folder that precedes the intended location in the DLL search path. Doing so would allow attackers to execute arbitrary code on the machine.
Upgrade to version 1.0.0 or later.
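As an added example (not code from this page or from the kerberos project), the following Node.js script walks a package-lock.json-style dependency tree and flags every kerberos entry below the fixed release 1.0.0 named above, including transitive copies and pre-release versions such as 1.0.0-rc.1. The sample lockfile and the dependent package names in it are constructed for the example.

```javascript
// Added example: audit a lockfile-style dependency tree for kerberos
// versions below the fixed release (1.0.0) named in the advisory above.
const FIXED_VERSION = '1.0.0';

// Parse "MAJOR.MINOR.PATCH" (optional leading "v", optional pre-release
// suffix after "-") into numeric parts. Returns null for anything else.
function parseSemver(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(String(version).trim());
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +m[3], prerelease: m[4] || null };
}

// Compare two parsed versions: negative if a < b, 0 if equal, positive if a > b.
// A pre-release sorts before the same release version (semver rule 11), so
// 1.0.0-rc.1 is still below the fix.
function compareSemver(a, b) {
  for (const k of ['major', 'minor', 'patch']) {
    if (a[k] !== b[k]) return a[k] - b[k];
  }
  if (a.prerelease && !b.prerelease) return -1;
  if (!a.prerelease && b.prerelease) return 1;
  return 0;
}

// True when the given kerberos version falls below the fixed release.
// An unparseable version string is treated as vulnerable (fail closed).
function isVulnerableKerberos(version) {
  const v = parseSemver(version);
  if (!v) return true;
  return compareSemver(v, parseSemver(FIXED_VERSION)) < 0;
}

// Walk nested "dependencies" objects (the shape of npm's package-lock.json v1)
// and report every kerberos entry that is vulnerable, with its path in the tree.
function findVulnerableKerberos(lock, path = []) {
  const findings = [];
  const deps = (lock && lock.dependencies) || {};
  for (const [name, entry] of Object.entries(deps)) {
    const here = [...path, name];
    if (name === 'kerberos' && isVulnerableKerberos(entry.version)) {
      findings.push({ path: here.join(' > '), version: entry.version });
    }
    findings.push(...findVulnerableKerberos(entry, here));
  }
  return findings;
}

// Render findings as remediation lines.
function report(lock) {
  return findVulnerableKerberos(lock).map(
    (f) => `vulnerable kerberos ${f.version} at ${f.path}; upgrade to ${FIXED_VERSION} or later`
  );
}

// Constructed sample lockfile (hypothetical package names, not from the page):
// one direct vulnerable kerberos, one transitive vulnerable copy, one fixed copy.
const SAMPLE_LOCK = {
  dependencies: {
    kerberos: { version: '0.0.9' },
    'example-dependent-pkg': {
      version: '2.0.0',
      dependencies: { kerberos: { version: '0.0.8' } },
    },
    'example-other-pkg': {
      version: '1.0.0',
      dependencies: { kerberos: { version: '1.1.0' } },
    },
  },
};

console.log(report(SAMPLE_LOCK).join('\n'));
```

To run it against a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; lockfiles in the newer v2/v3 format also carry a flat "packages" map, which this walker does not read, so the nested "dependencies" tree is the part it relies on.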