Bug #24995 (closed): Ignore braces DoS in 7.3
Pull Request:
Severity: Trivial - no functional impact | cosmetic
UX impact:
User visibility:
Effort required: Very Small
Priority: 0
Name check: To do
Fix check: Checked
Regression: No
Description
npx better-npm-audit audit --level high

=== list of exceptions ===

ID                  | Status | Expiry | Notes
GHSA-ww39-953v-wcq6 | active |        | Only a DoS, let's ignore it
GHSA-w573-4hg7-7wgq | active |        | Only a DoS, let's ignore it
GHSA-4w4v-5hc9-xrr2 | active |        | Only a DoS, let's ignore it

=== npm audit security report ===

ID      | Module               | Title                                                                                                     | Paths                                      | Sev.     | URL                                               | Ex.
1089210 | angular              | angular vulnerable to regular expression denial of service (ReDoS)                                        | angular                                    | moderate | https://github.com/advisories/GHSA-m2h2-264f-f486 | n
1093574 | angular              | Angular (deprecated package) Cross-site Scripting                                                         | angular                                    | moderate | https://github.com/advisories/GHSA-prc3-vjfx-vhm9 | n
1094512 | angular              | angular vulnerable to regular expression denial of service via the angular.copy() utility                 | angular                                    | moderate | https://github.com/advisories/GHSA-2vrf-hf26-jrp5 | n
1094513 | angular              | angular vulnerable to regular expression denial of service via the $resource service                      | angular                                    | moderate | https://github.com/advisories/GHSA-2qqx-w9hr-q5gx | n
1094514 | angular              | angular vulnerable to regular expression denial of service via the <input type="url"> element             | angular                                    | moderate | https://github.com/advisories/GHSA-qwqh-hm9m-p5hr | n
1097291 | angular              | angular vulnerable to super-linear runtime due to backtracking                                            | angular                                    | high     | https://github.com/advisories/GHSA-4w4v-5hc9-xrr2 | y
1097496 | braces               | Uncontrolled resource consumption in braces                                                               | braces, elm-test>braces, fast-glob>braces  | high     | https://github.com/advisories/GHSA-grv7-fg5c-xmjg | n
1094087 | decode-uri-component | decode-uri-component vulnerable to Denial of Service (DoS)                                                | decode-uri-component                       | high     | https://github.com/advisories/GHSA-w573-4hg7-7wgq | y
1096592 | es5-ext              | es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens` | es5-ext                                  | low      | https://github.com/advisories/GHSA-4gmj-3p3h-gm8h | n
1095007 | glob-parent          | glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex                         | glob-parent                                | high     | https://github.com/advisories/GHSA-ww39-953v-wcq6 | y
1096727 | request              | Server-Side Request Forgery in Request                                                                    | request                                    | moderate | https://github.com/advisories/GHSA-p8p7-x288-28g6 | n
1096483 | semver               | semver vulnerable to Regular Expression Denial of Service                                                 | semver                                     | moderate | https://github.com/advisories/GHSA-c2qf-rxjj-qqgw | n
1096643 | tough-cookie         | tough-cookie Prototype Pollution vulnerability                                                            | tough-cookie                               | moderate | https://github.com/advisories/GHSA-72xf-g2v4-qvf3 | n

1 vulnerabilities found. Node security advisories: 1097496
Updated by Clark ANDRIANASOLO 5 months ago
- Status changed from New to In progress
Updated by Clark ANDRIANASOLO 5 months ago
- Status changed from In progress to Pending technical review
- Assignee changed from Clark ANDRIANASOLO to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder/pull/5720
Updated by Clark ANDRIANASOLO 5 months ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|6e716bff1ebd8f2a01988f952e275f115ebf3b38.
Updated by Clark ANDRIANASOLO 5 months ago
- Fix check changed from To do to Checked
Updated by Vincent MEMBRÉ 5 months ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 7.3.16, 8.0.10 and 8.1.5, which were released today.