[FOLIO-2080] Fix security vulnerability reported for js-yaml < 3.13.1
Created: 06/Jun/19 | Updated: 03/Jun/20 | Resolved: 25/Jun/19
| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Umbrella |
| Priority: | TBD |
| Reporter: | Peter Murray |
| Assignee: | Unassigned |
| Resolution: | Done |
| Votes: | 0 |
| Labels: | security |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original estimate: | Not Specified |
Description

Remediation

Upgrade js-yaml to version 3.13.1 or later. For example:

js-yaml@^3.13.1:
  version "3.13.1"

Always verify the validity and compatibility of suggestions with your codebase.

Details

WS-2019-0063: js-yaml versions prior to 3.13.1 are vulnerable to code injection. The load() function may execute arbitrary code injected through a malicious YAML file.
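To confirm the remediation took effect, the lockfile can be checked for any js-yaml entry that still resolves below 3.13.1. The script below is an added example, not part of the ticket or of FOLIO's code; it assumes a yarn.lock in the v1 text format shown above, and the function names and sample lockfile are constructed for illustration.

```javascript
// Added example: flag js-yaml entries in a yarn.lock (v1 format) resolved below 3.13.1.
const FIXED = [3, 13, 1]; // first fixed release named in the ticket

// Numeric comparison of "major.minor.patch"; pre-release/build suffixes are ignored.
function isBelowFixed(version) {
  const parts = version.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const a = parts[i] || 0;
    if (a !== FIXED[i]) return a < FIXED[i];
  }
  return false;
}

function findVulnerableJsYaml(lockText) {
  const findings = [];
  let specs = null; // specifiers of the js-yaml entry currently being read
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S/.test(line) && !line.startsWith('#')) {
      // Entry header, e.g.:  js-yaml@^3.12.0, "js-yaml@^3.9.0":
      const names = line.replace(/:\s*$/, '').split(',')
        .map(s => s.trim().replace(/^"|"$/g, ''));
      specs = names.every(n => n.startsWith('js-yaml@')) ? names : null;
      continue;
    }
    const m = specs && line.match(/^\s+version\s+"([^"]+)"/);
    if (m) {
      if (isBelowFixed(m[1])) findings.push({ specs, version: m[1] });
      specs = null;
    }
  }
  return findings;
}

// Constructed sample lockfile (not taken from any FOLIO repository).
const SAMPLE_LOCK = `# yarn lockfile v1

js-yaml@^3.12.0, "js-yaml@^3.9.0":
  version "3.12.2"

js-yaml@^3.13.1:
  version "3.13.1"

js-yaml-loader@^1.0.0:
  version "1.0.0"
`;

for (const f of findVulnerableJsYaml(SAMPLE_LOCK)) {
  console.log(`js-yaml ${f.version} (${f.specs.join(', ')}) is below 3.13.1`);
}
```

A transitive dependency can pin an older range, so every js-yaml entry in the lockfile is checked rather than only the first one.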