  1. stripes-cli
  2. STCLI-177

path-parse ReDoS vulnerability (CVE-2021-23343)

Details

    • Bug
    • Status: Closed
    • TBD
    • Resolution: Won't Do
    • None
    • None
    • Stripes Force

    Description

      https://github.com/folio-org/platform-complete ships with path-parse 1.0.6 and this version is vulnerable to a Regular Expression Denial of Service (ReDoS) vulnerability: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23343

      path-parse is used in stripes-cli and eslint only. These are tools for manual debugging and during build.

      Therefore no fix is needed.

       


            People

              Unassigned
              julianladisch Julian Ladisch