Project

General

Profile

Actions

Bug #22984

closed

JS vulns in 8.0

Added by Alexis Mousset over 1 year ago. Updated over 1 year ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

[2023-06-29T11:29:02.283Z] ╔═════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗

[2023-06-29T11:29:02.283Z] ║                                                                                    === npm audit security report ===                                                                                    ║

[2023-06-29T11:29:02.283Z] ║                                                                                                                                                                                                         ║

[2023-06-29T11:29:02.283Z] ║ ID      │ Module               │ Title                                              │ Paths                                        │ Sev.     │ URL                                               │ Ex. ║

[2023-06-29T11:29:02.283Z] ║ 1088899 │ angular              │ Angular (deprecated package) Cross-site Scripting  │ angular                                      │ moderate │ https://github.com/advisories/GHSA-prc3-vjfx-vhm9 │ n   ║

[2023-06-29T11:29:02.283Z] ║ 1089210 │ angular              │ angular vulnerable to regular expression denial of │ angular                                      │ moderate │ https://github.com/advisories/GHSA-m2h2-264f-f486 │ n   ║

[2023-06-29T11:29:02.283Z] ║         │                      │ service (ReDoS)                                    │                                              │          │                                                   │     ║

[2023-06-29T11:29:02.283Z] ║ 1091652 │ decode-uri-component │ decode-uri-component vulnerable to Denial of       │ decode-uri-component                         │ high     │ https://github.com/advisories/GHSA-w573-4hg7-7wgq │ n   ║

[2023-06-29T11:29:02.283Z] ║         │                      │ Service (DoS)                                      │                                              │          │                                                   │     ║

[2023-06-29T11:29:02.283Z] ║ 1091181 │ glob-parent          │ glob-parent before 5.1.2 vulnerable to Regular     │ glob-parent                                  │ high     │ https://github.com/advisories/GHSA-ww39-953v-wcq6 │ y   ║

[2023-06-29T11:29:02.283Z] ║         │                      │ Expression Denial of Service in enclosure regex    │                                              │          │                                                   │     ║

[2023-06-29T11:29:02.283Z] ║ 1091174 │ minimatch            │ minimatch ReDoS vulnerability                      │ @prettier-x/formatter-2021-01>minimatch      │ high     │ https://github.com/advisories/GHSA-f8q6-p94x-37v3 │ y   ║

[2023-06-29T11:29:02.283Z] ║ 1091173 │ minimist             │ Prototype Pollution in minimist                    │ @prettier-x/formatter-2021-01>minimist       │ critical │ https://github.com/advisories/GHSA-xvch-5gv4-984h │ y   ║

[2023-06-29T11:29:02.283Z] ║ 1091725 │ request              │ Server-Side Request Forgery in Request             │ request                                      │ moderate │ https://github.com/advisories/GHSA-p8p7-x288-28g6 │ n   ║

[2023-06-29T11:29:02.283Z] ║ 1092310 │ semver               │ semver vulnerable to Regular Expression Denial of  │ @prettier-x/formatter-2021-01>semver         │ moderate │ https://github.com/advisories/GHSA-c2qf-rxjj-qqgw │ n   ║

[2023-06-29T11:29:02.283Z] ║         │                      │ Service                                            │ semver                                       │          │                                                   │     ║

[2023-06-29T11:29:02.283Z] ║ 1089867 │ trim                 │ Regular Expression Denial of Service in trim       │ remark-parse>trim                            │ high     │ https://github.com/advisories/GHSA-w5p7-h5w8-2hfq │ y   ║

[2023-06-29T11:29:02.283Z] ╚═════════╧══════════════════════╧════════════════════════════════════════════════════╧══════════════════════════════════════════════╧══════════╧═══════════════════════════════════════════════════╧═════╝

Actions #1

Updated by Alexis Mousset over 1 year ago

  • Target version set to 8.0.0~alpha1
Actions #2

Updated by Alexis Mousset over 1 year ago

  • Status changed from New to In progress
Actions #3

Updated by Alexis Mousset over 1 year ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/4861
Actions #4

Updated by Alexis Mousset over 1 year ago

  • Status changed from Pending technical review to Pending release
Actions #5

Updated by Vincent MEMBRÉ over 1 year ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 8.0.0~alpha1 which was released today.

Actions

Also available in: Atom PDF