[FOLIO-2080] Fix security vulnerability reported for js-yaml < 3.13.1 Created: 06/Jun/19  Updated: 03/Jun/20  Resolved: 25/Jun/19

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Umbrella Priority: TBD
Reporter: Peter Murray Assignee: Unassigned
Resolution: Done Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Blocks
is blocked by FOLIO-2083 Fix security vulnerability reported f... Closed
is blocked by UINOTES-35 Fix security vulnerability reported f... Closed
Relates
relates to FOLIO-2213 In folio-install kubernetes-rancher: ... Closed
Sprint:

Description

Remediation

Upgrade js-yaml to version 3.13.1 or later. For example:

js-yaml@^3.13.1:
  version "3.13.1"

Always verify the validity and compatibility of suggestions with your codebase.

Details

WS-2019-0063
high severity
Vulnerable versions: < 3.13.1
Patched version: 3.13.1

Versions of js-yaml prior to 3.13.1 are vulnerable to code injection. The load() function may execute arbitrary code injected through a malicious YAML file.
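
One way to confirm the remediation took effect is to check which js-yaml versions a lockfile actually resolves to. The following is an added example, not code from this issue or from FOLIO; it assumes a Yarn v1 lockfile, and the function names and the sample lockfile are hypothetical.

```javascript
const PATCHED = [3, 13, 1]; // patched version stated in the advisory on this page
// True when "x.y.z" sorts below PATCHED; a pre-release such as 3.13.1-rc.1
// sorts below the 3.13.1 release under semver, so it is flagged as well.
function isVulnerable(version) {
  const [core, pre] = version.split('-', 2);
  const parts = core.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const a = parts[i] || 0;
    if (a !== PATCHED[i]) return a < PATCHED[i];
  }
  return pre !== undefined;
}

// Return [{ patterns, version }] for every js-yaml entry in the lockfile text.
function findJsYaml(lockText) {
  const hits = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line) && !line.startsWith('#')) {
      // Entry header, e.g.  js-yaml@^3.9.0, "js-yaml@^3.13.1":
      const patterns = line.slice(0, -1).split(',').map(p => p.trim().replace(/^"|"$/g, ''));
      current = patterns.some(p => p.startsWith('js-yaml@')) ? { patterns, version: null } : null;
      if (current) hits.push(current);
    } else if (current) {
      // Only the entry's own version line (shallow indent), not nested dependencies.
      const m = /^ {1,2}version\s+"?([^"\s]+)"?/.exec(line);
      if (m) current.version = m[1];
    }
  }
  return hits;
}

// Entries that still resolve to a version below the patched release.
function audit(lockText) {
  return findJsYaml(lockText).filter(e => e.version !== null && isVulnerable(e.version));
}

// Constructed sample lockfile (not taken from any FOLIO repository).
const SAMPLE = [
  '# yarn lockfile v1',
  '',
  'js-yaml@^3.9.0:',
  '  version "3.12.0"',
  '  dependencies:',
  '    argparse "^1.0.7"',
  '',
  '"js-yaml@^3.13.1":',
  '  version "3.13.1"',
].join('\n');

audit(SAMPLE).forEach(e => console.log(`js-yaml ${e.version} < 3.13.1 (requested as ${e.patterns.join(', ')})`));
```

A lockfile can hold several js-yaml entries when transitive dependencies request different ranges, so each entry is checked on its own.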

