vonage / vonage-node-code-snippets

NodeJS code examples for using Vonage

License: MIT License

JavaScript 95.43% CSS 1.59% HTML 2.99%
nexmo-quickstart sms voice call examples verify authentication nodejs vonage developer-destination

vonage-node-code-snippets's Introduction

Vonage APIs Quickstart Examples for Node.JS

Quickstarts also available for: Python, .NET, Node.js, PHP, Ruby and cURL.

These code samples are meant to be used for https://developer.nexmo.com/, and are structured in such a way as to be used for internal testing. Developers are free to use these code snippets as a reference, but these may require changes to be worked into your specific application. We recommend checking out the Vonage API Developer Website, which displays these code snippets in a more copy/paste fashion.

Configure with Your Vonage API Keys

If you'd still like to use this sample you will first need a Vonage account. Once you have your own API credentials, rename the .env-example file to .env and set the values as required.

For some of the examples, you will need to buy a number.

Tutorials & Sample Code

SMS

Tutorial | Code Sample
How to Send SMS Messages with Node.js and Express | send-express.js
How to Receive SMS Messages with Node.js and Express | receive-express.js
How to receive an SMS Delivery Receipt from a Mobile Carrier with Node.js | dlr-express.js

Voice

Tutorial | Code Sample
How to Make an Outbound Text-to-Speech Phone Call with Node.js | make-calls.js
How to Handle Inbound Phone Calls with Node.js | receive-call-webhook.js
How to Direct Inbound Phone Calls to an Endpoint with Failover with Node.js | receive-call-webhook-failover.js
How to Record Audio from Incoming Calls with Node.js | record-call.js
How to Make a Private Phone Call with Node.js | proxy-call.js

Verify

Tutorial | Code Sample
Two-Factor Authentication | 2fa.js and UI code

Request More Examples

Please raise an issue to request an example that isn't present within the quickstart. Pull requests will be gratefully received.

Licenses

  • The code samples in this repo are under MIT

  • The tutorials' contents are under Creative Commons, CC-BY-SA 4.0

vonage-node-code-snippets's People

Contributors

abdulajet, adambutler, alexlakatos, aslafy-z, dbeezt, dependabot[bot], dragonmantank, fauna5, girliemac, gr8shivam, hummusonrails, kanav99, kellyjandrews, leggetter, lornajane, manchuck, martyndavies, mheap, michaeljolley, nathan78906, niati, sammachin, sudiptog81, superchilled, tbedford, thecodingaviator, tommorris, tr00d

vonage-node-code-snippets's Issues

Error: secretOrPrivateKey must be an asymmetric key when using RS256

When I am running the code at https://github.com/Vonage/vonage-node-code-snippets/blob/master/voice/make-call.js, I found the following error:

Error: secretOrPrivateKey must be an asymmetric key when using RS256
at module.exports (/root/vonage-node-code-snippets/node_modules/jsonwebtoken/sign.js:130:22)
at tokenGenerate (/root/vonage-node-code-snippets/node_modules/@vonage/jwt/dist/tokenGenerate.js:97:12)
at Auth.createBearerHeader (/root/vonage-node-code-snippets/node_modules/@vonage/auth/dist/auth.js:140:54)
at Voice.addAuthenticationToRequest (/root/vonage-node-code-snippets/node_modules/@vonage/server-client/dist/client.js:82:52)
at Voice.prepareRequest (/root/vonage-node-code-snippets/node_modules/@vonage/server-client/dist/client.js:256:30)
at Voice.sendRequest (/root/vonage-node-code-snippets/node_modules/@vonage/server-client/dist/client.js:212:34)
at Voice.sendRequestWithData (/root/vonage-node-code-snippets/node_modules/@vonage/server-client/dist/client.js:196:27)
at Voice.sendPostRequest (/root/vonage-node-code-snippets/node_modules/@vonage/server-client/dist/client.js:169:21)
at Voice.createOutboundCall (/root/vonage-node-code-snippets/node_modules/@vonage/voice/dist/voice.js:202:33)
at Object.<anonymous> (/root/vonage-node-code-snippets/voice/make-call.js:24:14)

This error occurred on the following code snippet:

const vonage = new Vonage({
  apiKey: VONAGE_API_KEY,
  apiSecret: VONAGE_API_SECRET,
  applicationId: VONAGE_APPLICATION_ID,
  privateKey: privateKey,
})

const vonage = new Vonage({
  apiKey: VONAGE_API_KEY,
  apiSecret: VONAGE_API_SECRET,
  applicationId: VONAGE_APPLICATION_ID,
  privateKey: VONAGE_APPLICATION_PRIVATE_KEY_PATH
})

Possible Solution

const fs = require('fs');

// Read the key file's contents instead of passing its path
const privateKey = fs.readFileSync(VONAGE_APPLICATION_PRIVATE_KEY_PATH);

const vonage = new Vonage({
  apiKey: VONAGE_API_KEY,
  apiSecret: VONAGE_API_SECRET,
  applicationId: VONAGE_APPLICATION_ID,
  privateKey: privateKey,
})

My question

Is it same in feature?

Phone call - not by whatsapp audio

I am getting phone calls only by WhatsApp audio.
Email support didn't help - their solution is only "retry".

Local server and cloud server, same result.

Used make-call.js.

I can't call my customers with WhatsApp. Please find a solution ASAP or I will work with Twilio.

Change bodyparser to built-in express alternative

Many examples are using the bodyparser package, which is no longer needed in favor of built-in express counterparts.

Could I work on this issue, and will it count for these cool Vonage socks? 😉

Request: Add example for conferences

There are currently examples at https://docs.nexmo.com/voice/voice-api/conversation in python / ruby / php, but I could personally use a node example.

If anyone has something that's not polished and ready just laying around, I'd totally love to see it in a gist or whatever.

Otherwise I may just go through the python example piece by piece and try to replicate. If I do that successfully maybe I'll make a pull request. Thanks!

Errors#InvalidParams

Hi, there,

When I tried to execute the code, I encountered the following issue:

{
  body: {
    type: 'https://www.nexmo.com/messages/Errors#InvalidParams',
    title: "Your request parameters didn't validate.",
    detail: 'Found errors validating 1 of your submitted parameters.',
    instance: 'db405d542048f2a68872a54563448edd',
    invalid_parameters: [ [Object] ]
  },
  headers: {
    date: 'Thu, 19 Mar 2020 01:41:44 GMT',
    'content-type': 'application/problem+json',
    'content-length': '315',
    connection: 'close',
    'set-cookie': [
      '__cfduid=d2bf53fcbb748b251b9fcb0684ee565781584582104; expires=Sat, 18-Apr-20 01:41:44 GMT; path=/; domain=.nexmo.com; HttpOnly; SameSite=Lax'
    ],
    'x-frame-options': 'deny',
    'x-xss-protection': '1; mode=block;',
    'strict-transport-security': 'max-age=31536000; includeSubdomains',
    'x-content-type-options': 'nosniff',
    'content-disposition': 'attachment; filename="api.txt"',
    'x-nexmo-trace-id': 'db405d542048f2a68872a54563448edd',
    'cf-cache-status': 'DYNAMIC',
    'expect-ct': 'max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"',
    server: 'cloudflare',
    'cf-ray': '57637e277c1884b8-HKG'
  },
  statusCode: 400
}

I could not figure out where the problem is from. Could you please help?

Thank you.

How to transfer call?

I am going to transfer a call. Exactly, VONAGE_PHONE and CLIENT1 are calling now, and I need to connect CLIENT1 to CLIENT2.

I am going to use this code:

vonage.voice.transferCallWithNCCO(this.call_id, [
    {
        action: 'talk',
        text: 'Hello, you are being connected, please wait...'
    },
    {
        "action": "connect",
        "from": CLIENT1,
        "endpoint": [{
            "type": "phone",
            "number": CLIENT2,
            "dtmfAnswer": "auto"
        }]
    }
]);

But it is not working.
The following is the log.

throw new vetch_1.VetchError(`Request failed with status code ${response.status}`, request, response);
                  ^

VetchError: Request failed with status code 400
    at Voice.parseResponse (/root/VoiceBot/vonage/node_modules/@vonage/server-client/dist/client.js:302:19)
    at Voice.sendRequest (/root/VoiceBot/vonage/node_modules/@vonage/server-client/dist/client.js:221:31)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Voice.sendRequestWithData (/root/VoiceBot/vonage/node_modules/@vonage/server-client/dist/client.js:196:16)
    at async Voice.callAction (/root/VoiceBot/vonage/node_modules/@vonage/voice/dist/voice.js:476:9) {
  config: {
    url: 'https://api.nexmo.com/v1/calls/60ce05e1-7c69-4281-b2f4-37e0586eeb39',
    method: 'PUT',
    type: 'application/json',
    data: {
      action: 'transfer',
      destination: {
        type: 'ncco',
        ncco: [
          {
            action: 'talk',
            text: 'Hello, you are being connected, please wait...'
          },
          { action: 'connect', endpoint: [Array] }
        ]
      }
    },
    headers: {
      'user-agent': '@vonage/server-sdk/3.0.0, node/18.17.1,',
      'content-type': 'application/json',
      Authorization: 'Bearer <My token>'
    }
  },
  response: Response {
    size: 0,
    timeout: 0,
    [Symbol(Response internals)]: {
      url: 'https://api.nexmo.com/v1/calls/60ce05e1-7c69-4281-b2f4-37e0586eeb39',
      status: 400,
      statusText: 'Bad Request',
      headers: Headers {
        [Symbol(map)]: [Object: null prototype] {
          date: [ 'Thu, 08 Feb 2024 20:11:53 GMT' ],
          'content-type': [ 'application/json' ],
          'content-length': [ '146' ],
          connection: [ 'close' ],
          server: [ 'envoy' ],
          'x-nexmo-trace-id': [ '7624fee7-a0f4-4dd6-babf-05136976e6fd' ],
          'x-vonage-region': [ 'us-3' ],
          'x-envoy-upstream-service-time': [ '63' ],
          'content-disposition': [ 'attachment; filename="api.txt"' ],
          'x-frame-options': [ 'deny' ],
          'x-xss-protection': [ '1; mode=block' ],
          'strict-transport-security': [ 'max-age=31536000; includeSubdomains' ],
          'x-content-type-options': [ 'nosniff' ],
          'x-ratelimit-limit': [
            '200, 200;w=1;name="crd|account_id|generic_key^nexmo-vapi.vapi|generic_key^solo.setDescriptor.uniqueValue"'
          ],
          'x-ratelimit-remaining': [ '199' ],
          'x-ratelimit-reset': [ '1' ]
        }
      },
      counter: 0
    }
  }
}

Please help me.

Best

Rooms SDK auth credentials 401

Expected Behavior

The Rooms SDK to request and return proper response.

Current Behavior

It throws unauthorized error.

Possible Solution

Allow the user to generate their own JWT token instead of using your auth library and hook it into the rooms sdk.

Steps to Reproduce

  1. Initiate the auth sdk with the proper options
    const privateKeyPath = path.join(
      process.cwd(),
      String(process.env.VONAGE_PRIVATE_KEY),
    );

    const privateKeyContent = fs.readFileSync(privateKeyPath);

    // initialize the Vonage Auth
    this.auth = new Auth({
      privateKey: privateKeyContent,
      applicationId: process.env.VONAGE_APPICATION_ID,
    });
  2. Execute the room sdk
    // initialize the Vonage Meetings
    this.meetings = new Meetings(this.auth);

    // create a room
    const room = await this.meetings.createRoom({
      displayName: roomName,
      type: roomtype,
      joinApprovalLevel: JoinType.EXPLICT_APPROVAL,
      availableFeatures: features,
    });

    return room;

Context (Environment)

I am trying to create an instant room. Doing so using your own existing SDKs throws a 401 status all the time, so it does not recognize the credentials properly. I have tried to fill in all the auth properties with API keys, etc., but I get the same issue.

To my surprise when I try to do the same thing using a custom http request with fetch or axios or just http class, it works as expected and I get a 200 with the room details.

Detailed Description

Possible Implementation

server-sdk-3.0.0.tgz: 3 vulnerabilities (highest severity is: 8.1)

Vulnerable Library - server-sdk-3.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Vulnerabilities

CVE | Severity | CVSS | Dependency | Type | Fixed in (server-sdk version) | Remediation Available
CVE-2022-23539 | High | 8.1 | jsonwebtoken-8.5.1.tgz | Transitive | 3.0.1 | ✅
CVE-2022-23540 | High | 7.6 | jsonwebtoken-8.5.1.tgz | Transitive | 3.0.1 | ✅
CVE-2022-23541 | Medium | 6.3 | jsonwebtoken-8.5.1.tgz | Transitive | 3.0.1 | ✅

Details

CVE-2022-23539

Vulnerable Library - jsonwebtoken-8.5.1.tgz

JSON Web Token implementation (symmetric and asymmetric)

Library home page: https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

  • server-sdk-3.0.0.tgz (Root Library)
    • server-client-1.0.0.tgz
      • jwt-1.0.0.tgz
        • ❌ jsonwebtoken-8.5.1.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Versions <=8.5.1 of jsonwebtoken library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you'll need to set the allowInvalidAsymmetricKeyTypes option to true in the sign() and/or verify() functions.

Publish Date: 2022-12-23

URL: CVE-2022-23539

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: GHSA-8cf7-32gw-wr33

Release Date: 2022-12-23

Fix Resolution (jsonwebtoken): 9.0.0

Direct dependency fix Resolution (@vonage/server-sdk): 3.0.1

⛑️ Automatic Remediation is available for this issue

CVE-2022-23540

Vulnerable Library - jsonwebtoken-8.5.1.tgz

JSON Web Token implementation (symmetric and asymmetric)

Library home page: https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

  • server-sdk-3.0.0.tgz (Root Library)
    • server-client-1.0.0.tgz
      • jwt-1.0.0.tgz
        • ❌ jsonwebtoken-8.5.1.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

In versions <=8.5.1 of jsonwebtoken library, lack of algorithm definition in the jwt.verify() function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification. Users are affected if you do not specify algorithms in the jwt.verify() function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the jwt.verify() method. There will be no impact, if you update to version 9.0.0 and you don't need to allow for the none algorithm. If you need 'none' algorithm, you have to explicitly specify that in jwt.verify() options.

Publish Date: 2022-12-22

URL: CVE-2022-23540

CVSS 3 Score Details (7.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: High
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-23540

Release Date: 2022-12-22

Fix Resolution (jsonwebtoken): 9.0.0

Direct dependency fix Resolution (@vonage/server-sdk): 3.0.1

⛑️ Automatic Remediation is available for this issue

CVE-2022-23541

Vulnerable Library - jsonwebtoken-8.5.1.tgz

JSON Web Token implementation (symmetric and asymmetric)

Library home page: https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

  • server-sdk-3.0.0.tgz (Root Library)
    • server-client-1.0.0.tgz
      • jwt-1.0.0.tgz
        • ❌ jsonwebtoken-8.5.1.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

jsonwebtoken is an implementation of JSON Web Tokens. Versions <= 8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function referring to the secretOrPublicKey argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0.

Publish Date: 2022-12-22

URL: CVE-2022-23541

CVSS 3 Score Details (6.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: GHSA-hjrf-2m68-5959

Release Date: 2022-12-22

Fix Resolution (jsonwebtoken): 9.0.0

Direct dependency fix Resolution (@vonage/server-sdk): 3.0.1

⛑️ Automatic Remediation is available for this issue


⛑️ Automatic Remediation is available for this issue.

Invalid parameter for media template

Expected Behavior

Template is active so message shall go

Current Behavior

Invalid parameter

Possible Solution

Steps to Reproduce

vonage.messages.send(
            new TemplateMessage(
                {
                    name: `${WHATSAPP_TEMPLATE_NAMESPACE}:${WHATSAPP_TEMPLATE_NAME}`,
                    components: [
                        {
                            "type": "header",
                            "parameters": [
                              {
                                "type": "image",
                                "image": {
                                  "link": "https://cdn.dineorder.com/whatsapp-templates/kuick.png"
                                }
                              }
                            ]
                        },
                        {
                            type: 'body',
                            parameters: [],
                        },
                    ],
                },
                {
                    policy: 'deterministic',
                    locale: 'en',
                },
                TO_NUMBER,
                WHATSAPP_NUMBER,
            )
        )
        .then(resp => console.log(resp.message_uuid))
        .catch(err => {console.error(err); console.log(err.response.data.invalid_parameters)});

Build error

Expected Behavior

node sms/send.js will run the code

Current Behavior

node sms/send.js got a build error

Possible Solution

Missing library code?

Steps to Reproduce

  1. git clone https://github.com/GadeBao/vonage-node-code-snippets.git
  2. cd vonage-node-code-snippets.git
  3. npm install --save @vonage/server-sdk
  4. node sms/send.js

Context (Environment)

build error

Detailed Description

node:internal/modules/cjs/loader:410
throw err;
^

Error: Cannot find module '/home/billy_bao/Vonage/vonage-node-code-snippets/node_modules/@vonage/vetch/dist/index.js'. Please verify that the package.json has a valid "main" entry
at tryPackage (node:internal/modules/cjs/loader:402:19)
at Module._findPath (node:internal/modules/cjs/loader:644:18)
at Module._resolveFilename (node:internal/modules/cjs/loader:1012:27)
at Module._load (node:internal/modules/cjs/loader:872:27)
at Module.require (node:internal/modules/cjs/loader:1092:19)
at require (node:internal/modules/cjs/helpers:103:18)
at Object.<anonymous> (/home/billy_bao/Vonage/vonage-node-code-snippets/node_modules/@vonage/server-client/dist/client.js:14:17)
at Module._compile (node:internal/modules/cjs/loader:1205:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1259:10)
at Module.load (node:internal/modules/cjs/loader:1068:32) {
code: 'MODULE_NOT_FOUND',
path: '/home/billy_bao/Vonage/vonage-node-code-snippets/node_modules/@vonage/vetch/package.json',
requestPath: '@vonage/vetch'

Possible Implementation

verify.start not found

Hi Team,

This code does not seem to work - it returns **undefined** error indicating that the method signature is unmatching.

vonage.verify.start({ number: RECIPIENT_NUMBER, senderId: BRAND_NAME })

server-sdk-2.11.1.tgz: 2 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - server-sdk-2.11.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/json-schema/package.json

Found in HEAD commit: ad5595f842b7c7bba7a172d162d171f13dd50370

Vulnerabilities

CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available
CVE-2021-3918 | High | 9.8 | json-schema-0.2.3.tgz | Transitive | N/A | ❌
CVE-2020-15366 | Medium | 5.6 | ajv-6.12.2.tgz | Transitive | N/A | ❌

Details

CVE-2021-3918

Vulnerable Library - json-schema-0.2.3.tgz

JSON Schema validation and specifications

Library home page: https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/json-schema/package.json

Dependency Hierarchy:

  • server-sdk-2.11.1.tgz (Root Library)
    • request-2.88.2.tgz
      • http-signature-1.2.0.tgz
        • jsprim-1.4.1.tgz
          • ❌ json-schema-0.2.3.tgz (Vulnerable Library)

Found in HEAD commit: ad5595f842b7c7bba7a172d162d171f13dd50370

Found in base branch: master

Vulnerability Details

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Publish Date: 2021-11-13

URL: CVE-2021-3918

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-3918

Release Date: 2021-11-13

Fix Resolution: json-schema - 0.4.0

CVE-2020-15366

Vulnerable Library - ajv-6.12.2.tgz

Another JSON Schema Validator

Library home page: https://registry.npmjs.org/ajv/-/ajv-6.12.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/ajv/package.json

Dependency Hierarchy:

  • server-sdk-2.11.1.tgz (Root Library)
    • request-2.88.2.tgz
      • har-validator-5.1.3.tgz
        • ❌ ajv-6.12.2.tgz (Vulnerable Library)

Found in HEAD commit: ad5595f842b7c7bba7a172d162d171f13dd50370

Found in base branch: master

Vulnerability Details

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

Publish Date: 2020-07-15

URL: CVE-2020-15366

CVSS 3 Score Details (5.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Release Date: 2020-07-15

Fix Resolution: ajv - 6.12.3

Cannot read property 'message_uuid' of null

I am getting an error when trying whatapp js.

(err, data) => { console.log(data.message_uuid); }
^

TypeError: Cannot read property 'message_uuid' of null
at C:\george\12.Apps\sendNexmoSMS\sendWhatapp.js:30:37
at HttpClient.__parseResponse (C:\george\12.Apps\sendNexmoSMS\node_modules\nexmo\lib\HttpClient.js:232:9)
at IncomingMessage.<anonymous> (C:\george\12.Apps\sendNexmoSMS\node_modules\nexmo\lib\HttpClient.js:141:19)
at IncomingMessage.emit (events.js:328:22)
at endReadableNT (_stream_readable.js:1201:12)
at processTicksAndRejections (internal/process/task_queues.js:84:21)

ejs-3.1.8.tgz: 1 vulnerabilities (highest severity is: 8.8)

Vulnerable Library - ejs-3.1.8.tgz

Embedded JavaScript templates

Library home page: https://registry.npmjs.org/ejs/-/ejs-3.1.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/ejs/package.json

Vulnerabilities

CVE | Severity | CVSS | Dependency | Type | Fixed in (ejs version) | Remediation Available
CVE-2023-29827 | High | 8.8 | ejs-3.1.8.tgz | Direct | N/A | ❌

Details

CVE-2023-29827

Vulnerable Library - ejs-3.1.8.tgz

Embedded JavaScript templates

Library home page: https://registry.npmjs.org/ejs/-/ejs-3.1.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/ejs/package.json

Dependency Hierarchy:

  • ❌ ejs-3.1.8.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter.

Publish Date: 2023-05-04

URL: CVE-2023-29827

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


sendSms bad typing: Expected 5 arguments, but got 4.

The type for the function sendSms is wrong, in the example you are using 4 arguments, but in its type declaration 5 arguments are needed.

Expected Behavior

Calling the sendSms function and passing arguments like in the example should work.

Current Behavior

There is an error when I try to use the sendSms function. I have the following SS:

image

image

Possible Solution

Update the docs to provide a correct example or update the type of the function.

Steps to Reproduce

  1. Try to run this using TypeScript

Context (Environment)

I'm trying to test your API following the basic example for sending an sms. I'm currently using:

  • Node.js: v16.16.0
  • TypeScript: v4.7.4
  • @vonage/server-sdk: v2.11.2

conversations is undefined

nexmo.conversations.get(
^

TypeError: Cannot read property 'get' of undefined

I know several calls have been made inbound and outbound. Is there a nexmo library version that I should be using?

Media Upload - Whatsapp template management API example code snippets

Can you please provide an example for the media upload
https://developer.vonage.com/en/api/whatsapp-template-management#MediaUpload

Please correct me where it is going wrong

Expected Behavior

It should give a successful response

Current Behavior

Throwing error
data: { type: 'https://developer.vonage.com/api-errors', title: 'Internal Server Error', instance: '1e5451e9-485d-400e-b766-cdf6ae8b266d' }

Context (Environment)

Typescript, Node v18.16.0

Steps to Reproduce

import axios from 'axios'

var FormData = require('form-data')

async function main() {
  const imageUrl = `https://fastly.picsum.photos/id/823/536/354.jpg?hmac=ysg16ZYU5mSoAtbckBDDJqI-QuuNe0YouKOIgHneSYw`

  const imageResponse = await axios.get(imageUrl, {
    responseType: 'arraybuffer',
  })

  console.log('Content-Type:', imageResponse.headers['content-type'])

  let formData = new FormData()
  formData.append('mediafile', imageResponse.data)

  const uploadMedia = await axios({
    method: 'post',
    url: `https://api.nexmo.com/v2/whatsapp-manager/media/uploads?file_type=image%2Fjpeg`,
    headers: {
      'Content-Type': 'multipart/form-data',
      Authorization: `Bearer xxxx`,
    },
    data: formData,
  })

  console.log(`Upload Media: ${JSON.stringify(uploadMedia.data)}`)

}

main()

Nexmo Inbound Message Tracking

The problem I am facing is that we are using a single Nexmo number in multiple modules in our application. So I'm not able to differentiate which application module users are responding to, i.e. whether it is two-way messaging, group messaging or campaign.
In my opinion:

  1. If Nexmo gives, in the user's SMS response, the same Message-ID that was already generated while sending the SMS, it will help me find the corresponding message ID in my application database and respond to that corresponding message easily.
  2. If Nexmo uses the webhook that I had already set to receive messages, the user's response would use the webhook that was in use when the message was sent, even after I override the webhook for the given number.

Vonage Create Users API

I'm currently trying to implement this SDK. I have everything working; however, I need to add the code to create users dynamically rather than use the one I created via the command line.

Expected Behavior

According to the code snippets the following should allow me to create a user:

...
vonage.users.create({
  "name": USER_NAME,
  "display_name": USER_DISPLAY_NAME}, (error, result) => {
      if(error) {
          console.error(error);
      }
      else {
          console.log(result);
      }
  });

Current Behavior

Upon implementing, I receive the following error:

TypeError: Cannot read properties of undefined (reading 'create')

Which tracks, as users doesn't seem to exist on the vonage object at all. I've tried numerous versions (beta, 2.10.0, 2.10.7, 2.10.11) and all have the same bug.

Possible Solution

Zero clue - fix the docs? I really don't know how to get this working and I've been digging through this repo for days so any help would be appreciated.

express-4.18.2.tgz: 1 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - express-4.18.2.tgz

Fast, unopinionated, minimalist web framework

Library home page: https://registry.npmjs.org/express/-/express-4.18.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Found in HEAD commit: 2726610f93ed8db36d67913a11ac7bba328b3102

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (express version) Fix PR available
CVE-2024-29041 Medium 6.1 express-4.18.2.tgz Direct 4.19.1 ✅

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2024-29041

Vulnerable Library - express-4.18.2.tgz

Fast, unopinionated, minimalist web framework

Library home page: https://registry.npmjs.org/express/-/express-4.18.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • ❌ express-4.18.2.tgz (Vulnerable Library)

Found in HEAD commit: 2726610f93ed8db36d67913a11ac7bba328b3102

Found in base branch: master

Vulnerability Details

Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode using encodeurl on the contents before passing it to the location header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is res.location() but this is also called from within res.redirect(). The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.

Publish Date: 2024-03-25

URL: CVE-2024-29041

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-rv95-896h-c2vc

Release Date: 2024-03-25

Fix Resolution (express): express - 4.19.0

Direct dependency fix Resolution (express): 4.19.1

⛑️ Automatic Remediation will be attempted for this issue.


⛑️Automatic Remediation will be attempted for this issue.

vonage.channel missing when attempting to send whatsapp message

I am attempting to use the whatsapp send-template example.
However, when I try to invoke vonage.channel.send, I get:
TypeError: Cannot read property 'send' of undefined
That is, the channel attribute appears to be missing.
Is there some way to determine why this attribute cannot be found?

BUG: Example is incorrect.

The current example shows using voiceName, but when I used it, it was not selecting the correct voice.

That way it does not work:

nexmo.calls.talk.start(CALL_UUID, { text: TEXT, voiceName: 'Vitoria', loop: 0 }, (err, res) => {
  if(err) { console.error(err); }
  else {
      console.log(res);
  }
});

I investigated the cURL requests and saw that the parameter name is voice_name. I think it would be interesting to either fix this bug (Node.js) or update the example.

That way it works:

nexmo.calls.talk.start(CALL_UUID, { text: TEXT, voice_name: 'Vitoria', loop: 0 }, (err, res) => {
  if(err) { console.error(err); }
  else {
      console.log(res);
  }
});
