  1. stripes-webpack
  2. STRWEB-28

glob-parent ReDoS vulnerabilities (CVE-2020-28469, CVE-2021-35065)


Details

    • stripes-force 138
    • 1
    • Stripes Force
    • Morning Glory R2 2022

    Description

      glob-parent before version 6.0.1 is vulnerable to Regular Expression Denial of Service (ReDoS), tracked as CVE-2020-28469 and CVE-2021-35065.

      Dependency path:

      "@folio/stripes-cli@^2.4.0":
        version "2.4.0"
          webpack "^4.10.2"
      "@folio/stripes-webpack@^2.0.0":
        version "2.0.0"
          webpack "^4.27.0"  
      webpack@^4.10.2, webpack@^4.27.0:
        version "4.46.0"
          watchpack "^1.7.4"  
      watchpack@^1.7.4:
        version "1.7.5"
          watchpack-chokidar2 "^2.0.1"
      watchpack-chokidar2@^2.0.1:
        version "2.0.1"
          chokidar "^2.1.8"
      chokidar@^2.1.8:
        version "2.1.8"
          glob-parent "^3.1.0"
      glob-parent@^3.1.0:
        version "3.1.0"
      

      Migrating from webpack 4 to webpack 5 (STRWEB-4) will fix these issues.
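To check a lockfile for the chain listed above, and to confirm after the webpack 5 migration that no glob-parent below 6.0.1 is still resolved, a small lockfile walker is enough. This is an added example, not part of the issue or of stripes-webpack: the function names are hypothetical, the sample lockfile is constructed from the versions on this page, and it assumes the yarn.lock v1 text format.

```javascript
// Added example, not stripes-webpack code. Constructed sample: the page's
// dependency chain rebuilt in yarn.lock v1 layout (header, version, dependencies).
const ROWS = [ // [header, resolved version, one dependency line or null]
  ['"@folio/stripes-cli@^2.4.0"', '2.4.0', 'webpack "^4.10.2"'],
  ['"@folio/stripes-webpack@^2.0.0"', '2.0.0', 'webpack "^4.27.0"'],
  ['webpack@^4.10.2, webpack@^4.27.0', '4.46.0', 'watchpack "^1.7.4"'],
  ['watchpack@^1.7.4', '1.7.5', 'watchpack-chokidar2 "^2.0.1"'],
  ['watchpack-chokidar2@^2.0.1', '2.0.1', 'chokidar "^2.1.8"'],
  ['chokidar@^2.1.8', '2.1.8', 'glob-parent "^3.1.0"'],
  ['glob-parent@^3.1.0', '3.1.0', null],
];
const SAMPLE_LOCK = ROWS.map(([h, v, d]) =>
  `${h}:\n  version "${v}"\n${d ? `  dependencies:\n    ${d}\n` : ''}`).join('\n');
function parseLock(text) { // Map: "name@range" -> { name, version, deps }
  const lock = new Map();
  for (const block of text.split(/\n(?=\S)/)) { // every entry starts at column 0
    const [head, ...body] = block.split('\n');
    if (!head.trim() || head.startsWith('#')) continue;
    const specs = head.replace(/:\s*$/, '').split(',').map(s => s.trim().replace(/^"|"$/g, ''));
    const version = (block.match(/^ {2}version "(.+)"/m) || [])[1] || '';
    const deps = body.filter(l => l.startsWith('    ')) // 4-space lines sit under (optional)dependencies
      .map(l => l.trim().match(/^"?([^"\s]+)"?\s+"?([^"]+)"?$/)).filter(Boolean).map(m => `${m[1]}@${m[2]}`);
    const entry = { name: specs[0].slice(0, specs[0].lastIndexOf('@')), version, deps };
    specs.forEach(s => lock.set(s, entry)); // several ranges can share one resolution
  }
  return lock;
}
function isBelow(version, fixedIn) { // numeric x.y.z compare; prerelease tags ignored
  const [a, b] = [version, fixedIn].map(v => v.split('.').map(n => parseInt(n, 10) || 0));
  const i = [0, 1, 2].find(k => (a[k] || 0) !== (b[k] || 0));
  return i !== undefined && (a[i] || 0) < (b[i] || 0);
}
function vulnerablePaths(lock, pkg, fixedIn) { // one path per (root, affected entry)
  const entries = [...new Set(lock.values())];
  const parents = new Map(entries.map(e => [e, []]));
  for (const e of entries) for (const d of e.deps) if (lock.has(d)) parents.get(lock.get(d)).push(e);
  const out = [];
  for (const hit of entries.filter(e => e.name === pkg && isBelow(e.version, fixedIn))) {
    const seen = new Set([hit]), queue = [[hit]]; // walk upward; seen guards cycles
    while (queue.length) {
      const path = queue.shift();
      const ups = parents.get(path[0]);
      if (ups.length === 0) out.push(path.map(e => `${e.name}@${e.version}`).join(' > '));
      for (const p of ups) if (!seen.has(p)) { seen.add(p); queue.push([p, ...path]); }
    }
  }
  return out;
}
console.log(vulnerablePaths(parseLock(SAMPLE_LOCK), 'glob-parent', '6.0.1').join('\n'));
```

Pass the text of the project's own yarn.lock to `parseLock`; an empty result for `('glob-parent', '6.0.1')` means no affected version is resolved any more.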


              People

                zburke Zak_Burke
                julianladisch Julian Ladisch
