Actions
Bug #24517
closed
Ignore angularjs DoS in 7.3
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No
Description
[2024-03-15T22:24:24.571Z] + npx better-npm-audit audit --level high [2024-03-15T22:24:24.849Z] ╔═════════════════════════════════════════════════════════════════════╗ [2024-03-15T22:24:24.849Z] ║ === list of exceptions === ║ [2024-03-15T22:24:24.849Z] ║ ║ [2024-03-15T22:24:24.849Z] ║ ID │ Status │ Expiry │ Notes ║ [2024-03-15T22:24:24.849Z] ║ GHSA-ww39-953v-wcq6 │ active │ │ Only a DoS, let's ignore it ║ [2024-03-15T22:24:24.849Z] ║ GHSA-w573-4hg7-7wgq │ active │ │ Only a DoS, let's ignore it ║ [2024-03-15T22:24:24.849Z] ╚═════════════════════╧════════╧════════╧═════════════════════════════╝ [2024-03-15T22:24:24.849Z] [2024-03-15T22:24:26.870Z] ╔═════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ [2024-03-15T22:24:26.870Z] ║ === npm audit security report === ║ [2024-03-15T22:24:26.870Z] ║ ║ [2024-03-15T22:24:26.870Z] ║ ID │ Module │ Title │ Paths │ Sev. │ URL │ Ex. ║ [2024-03-15T22:24:26.870Z] ║ 1089210 │ angular │ angular vulnerable to regular expression denial of │ angular │ moderate │ https://github.com/advisories/GHSA-m2h2-264f-f486 │ n ║ [2024-03-15T22:24:26.870Z] ║ │ │ service (ReDoS) │ │ │ │ ║ [2024-03-15T22:24:26.870Z] ║ 1093574 │ angular │ Angular (deprecated package) Cross-site Scripting │ angular │ moderate │ https://github.com/advisories/GHSA-prc3-vjfx-vhm9 │ n ║ [2024-03-15T22:24:26.870Z] ║ 1096633 │ angular │ angular vulnerable to super-linear runtime due to │ angular │ high │ https://github.com/advisories/GHSA-4w4v-5hc9-xrr2 │ n ║ [2024-03-15T22:24:26.870Z] ║ │ │ backtracking │ │ │ │ ║ [2024-03-15T22:24:26.870Z] ║ 1094087 │ decode-uri-component │ decode-uri-component vulnerable to Denial of │ decode-uri-component │ high │ https://github.com/advisories/GHSA-w573-4hg7-7wgq │ y ║ [2024-03-15T22:24:26.870Z] ║ │ │ Service (DoS) │ │ │ │ ║ [2024-03-15T22:24:26.870Z] ║ 1096592 │ es5-ext │ es5-ext vulnerable to Regular Expression Denial of │ es5-ext │ low │ https://github.com/advisories/GHSA-4gmj-3p3h-gm8h │ n ║ [2024-03-15T22:24:26.870Z] ║ │ │ Service in `function#copy` and │ │ │ │ ║ [2024-03-15T22:24:26.870Z] ║ │ │ `function#toStringTokens` │ │ │ │ ║ [2024-03-15T22:24:26.870Z] ║ 1095007 │ glob-parent │ glob-parent vulnerable to Regular Expression │ glob-parent │ high │ https://github.com/advisories/GHSA-ww39-953v-wcq6 │ y ║ [2024-03-15T22:24:26.870Z] ║ │ │ Denial of Service in enclosure regex │ │ │ │ ║ [2024-03-15T22:24:26.870Z] ║ 1092972 │ request │ Server-Side Request Forgery in Request │ request │ moderate │ https://github.com/advisories/GHSA-p8p7-x288-28g6 │ n ║ [2024-03-15T22:24:26.870Z] ║ 1096483 │ semver │ semver vulnerable to Regular Expression Denial of │ semver │ moderate │ https://github.com/advisories/GHSA-c2qf-rxjj-qqgw │ n ║ [2024-03-15T22:24:26.870Z] ║ │ │ Service │ │ │ │ ║ [2024-03-15T22:24:26.870Z] ║ 1096643 │ tough-cookie │ tough-cookie Prototype Pollution vulnerability │ tough-cookie │ moderate │ https://github.com/advisories/GHSA-72xf-g2v4-qvf3 │ n ║ [2024-03-15T22:24:26.870Z] ╚═════════╧══════════════════════╧════════════════════════════════════════════════════╧══════════════════════╧══════════╧═══════════════════════════════════════════════════╧═════╝ [2024-03-15T22:24:26.870Z] [2024-03-15T22:24:26.870Z] 1 vulnerabilities found. Node security advisories: 1096633 script returned exit code 1
Updated by Alexis Mousset 8 months ago
- Status changed from New to In progress
- Assignee set to Alexis Mousset
Updated by Alexis Mousset 8 months ago
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to François ARMAND
- Pull Request set to https://github.com/Normation/rudder/pull/5481
Updated by Alexis Mousset 8 months ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|3079f994b7cc20d58f41970191b1617f73859c1c.
Updated by Clark ANDRIANASOLO 8 months ago
- Fix check changed from To do to Checked
Updated by Vincent MEMBRÉ 7 months ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 7.3.14, 8.0.8 and 8.1.1 which were released today.
Actions