Actions
Bug #22984
closed
JS vulns in 8.0
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No
Description
[2023-06-29T11:29:02.283Z] ╔═════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ [2023-06-29T11:29:02.283Z] ║ === npm audit security report === ║ [2023-06-29T11:29:02.283Z] ║ ║ [2023-06-29T11:29:02.283Z] ║ ID │ Module │ Title │ Paths │ Sev. │ URL │ Ex. ║ [2023-06-29T11:29:02.283Z] ║ 1088899 │ angular │ Angular (deprecated package) Cross-site Scripting │ angular │ moderate │ https://github.com/advisories/GHSA-prc3-vjfx-vhm9 │ n ║ [2023-06-29T11:29:02.283Z] ║ 1089210 │ angular │ angular vulnerable to regular expression denial of │ angular │ moderate │ https://github.com/advisories/GHSA-m2h2-264f-f486 │ n ║ [2023-06-29T11:29:02.283Z] ║ │ │ service (ReDoS) │ │ │ │ ║ [2023-06-29T11:29:02.283Z] ║ 1091652 │ decode-uri-component │ decode-uri-component vulnerable to Denial of │ decode-uri-component │ high │ https://github.com/advisories/GHSA-w573-4hg7-7wgq │ n ║ [2023-06-29T11:29:02.283Z] ║ │ │ Service (DoS) │ │ │ │ ║ [2023-06-29T11:29:02.283Z] ║ 1091181 │ glob-parent │ glob-parent before 5.1.2 vulnerable to Regular │ glob-parent │ high │ https://github.com/advisories/GHSA-ww39-953v-wcq6 │ y ║ [2023-06-29T11:29:02.283Z] ║ │ │ Expression Denial of Service in enclosure regex │ │ │ │ ║ [2023-06-29T11:29:02.283Z] ║ 1091174 │ minimatch │ minimatch ReDoS vulnerability │ @prettier-x/formatter-2021-01>minimatch │ high │ https://github.com/advisories/GHSA-f8q6-p94x-37v3 │ y ║ [2023-06-29T11:29:02.283Z] ║ 1091173 │ minimist │ Prototype Pollution in minimist │ @prettier-x/formatter-2021-01>minimist │ critical │ https://github.com/advisories/GHSA-xvch-5gv4-984h │ y ║ [2023-06-29T11:29:02.283Z] ║ 1091725 │ request │ Server-Side Request Forgery in Request │ request │ moderate │ https://github.com/advisories/GHSA-p8p7-x288-28g6 │ n ║ [2023-06-29T11:29:02.283Z] ║ 1092310 │ semver │ semver vulnerable to Regular Expression Denial of │ @prettier-x/formatter-2021-01>semver │ moderate │ https://github.com/advisories/GHSA-c2qf-rxjj-qqgw │ n ║ [2023-06-29T11:29:02.283Z] ║ │ │ Service │ semver │ │ │ ║ [2023-06-29T11:29:02.283Z] ║ 1089867 │ trim │ Regular Expression Denial of Service in trim │ remark-parse>trim │ high │ https://github.com/advisories/GHSA-w5p7-h5w8-2hfq │ y ║ [2023-06-29T11:29:02.283Z] ╚═════════╧══════════════════════╧════════════════════════════════════════════════════╧══════════════════════════════════════════════╧══════════╧═══════════════════════════════════════════════════╧═════╝
Updated by Alexis Mousset over 1 year ago
- Status changed from New to In progress
Updated by Alexis Mousset over 1 year ago
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to Vincent MEMBRÉ
- Pull Request set to https://github.com/Normation/rudder/pull/4861
Updated by Alexis Mousset over 1 year ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|8b63b20c91a4bc967caf9d7f2105e1d92a80f004.
Updated by Vincent MEMBRÉ over 1 year ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 8.0.0~alpha1 which was released today.
Actions