FOLIO-2080

Fix security vulnerability reported for js-yaml < 3.13.1

Details

    • Umbrella
    • Status: Closed
    • TBD
    • Resolution: Done
    • None

    Description

      Remediation

      Upgrade js-yaml to version 3.13.1 or later. For example:        

      js-yaml@^3.13.1:
        version "3.13.1"
      

      Always verify the validity and compatibility of suggestions with your codebase.

      Details

      WS-2019-0063
      high severity
      Vulnerable versions: < 3.13.1
      Patched version: 3.13.1

      Versions of js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.
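
Added example (not part of the original issue or of the FOLIO code base): a dependency-free Node.js check that scans a yarn.lock in the v1 format shown under Remediation and flags js-yaml entries that resolve below the patched version 3.13.1. The function names and the sample lockfile are constructed for illustration.

```javascript
// Patched version named in this issue (WS-2019-0063).
const PATCHED = [3, 13, 1];

// True when "x.y.z" is below PATCHED; pre-release/build suffixes are ignored.
function isVulnerable(version) {
  const parts = version.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const a = parts[i] || 0;
    if (a !== PATCHED[i]) return a < PATCHED[i];
  }
  return false; // exactly 3.13.1
}

// Return [{ specs, version, vulnerable }] for every js-yaml block in the lockfile.
function findJsYaml(lockText) {
  const results = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S/.test(line) && !line.startsWith('#')) {
      // Block header, e.g.  js-yaml@^3.9.0, js-yaml@~3.12.0:
      const specs = line.replace(/:\s*$/, '').split(/,\s*/).map(s => s.replace(/"/g, ''));
      current = specs.every(s => /^js-yaml@/.test(s)) ? { specs } : null;
    } else if (current) {
      const m = line.match(/^\s+version\s+"([^"]+)"/);
      if (m) {
        results.push({ ...current, version: m[1], vulnerable: isVulnerable(m[1]) });
        current = null;
      }
    }
  }
  return results;
}

// Constructed sample lockfile (not taken from any FOLIO repository).
const SAMPLE_LOCK = `# yarn lockfile v1

js-yaml@^3.9.0, js-yaml@~3.12.0:
  version "3.12.2"

js-yaml@^3.13.1:
  version "3.13.1"

"js-yaml-loader@^1.0.0":
  version "1.2.2"
`;

for (const e of findJsYaml(SAMPLE_LOCK)) {
  console.log(`${e.specs.join(', ')} -> ${e.version} ${e.vulnerable ? 'VULNERABLE' : 'ok'}`);
}
```

A transitive dependency can pin an older range, so the check looks at the resolved version of every js-yaml block, not only the range requested by the top-level package.json.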

              People

                Unassigned Unassigned
                peter Peter Murray