Project

General

Profile

Actions
Copy link

Bug #26903

closed

update webpack-bundle-analyzer

Added by Ohad Levy over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ohad Levy
Category:
JavaScript stack
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/6804
Fixed in Releases:
1.23.0
Found in Releases:
Red Hat JIRA:

Description

Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify() without properly escaping input which may lead to Cross-Site Scripting.

https://github.com/webpack-contrib/webpack-bundle-analyzer/issues/263

Actions
Copy link
 #1

Updated by The Foreman Bot over 5 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Ohad Levy
  • Pull request https://github.com/theforeman/foreman/pull/6804 added
Actions
Copy link
 #2

Updated by Tomer Brisker over 5 years ago

  • Fixed in Releases 1.23.0 added
Actions
Copy link
 #3

Updated by Ohad Levy over 5 years ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link

Also available in: Atom PDF