[STCLI-177] path-parse ReDoS vulnerability (CVE-2021-23343) - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: TBD
Resolution: Won't Do
Affects Version/s: None
Fix Version/s: None
Labels:
- security

Template:

Standard Bug Write-Up Format
Development Team:
Stripes Force

Description

https://github.com/folio-org/platform-complete ships with path-parse 1.0.6 and this version is vulnerable to a Regular Expression Denial of Service (ReDoS) vulnerability: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23343

path-parse is used in stripes-cli and eslint only. These are tools for manual debugging and during build.

Therefore no fix is needed.

TestRail: Results

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Julian Ladisch

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 05/May/21 9:35 PM

Updated:: 05/May/21 9:36 PM

Resolved:: 05/May/21 9:36 PM

TestRail: Runs

TestRail: Cases