Actions
Bug #27103
closed
update npm diff package due to security alert
Difficulty:
Triaged:
Yes
Description
WS-2018-0590 More information
high severity
Vulnerable versions: < 3.5.0
Patched version: 3.5.0
A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.
this was fixed at https://github.com/kpdecker/jsdiff/commit/2aec4298639bf30fb88a00b356bf404d3551b8c0
Updated by The Foreman Bot almost 5 years ago
- Status changed from New to Ready For Testing
- Assignee set to Ohad Levy
- Pull request https://github.com/theforeman/foreman/pull/6853 added
Updated by Ewoud Kohl van Wijngaarden almost 5 years ago
- Triaged changed from No to Yes
- Fixed in Releases 1.23.0 added
Updated by Ohad Levy almost 5 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset 18649478cb128591738f97931f98632fd966d1f2.
Updated by The Foreman Bot almost 5 years ago
- Pull request https://github.com/theforeman/foreman-packaging/pull/3902 added
Updated by The Foreman Bot almost 5 years ago
- Pull request https://github.com/theforeman/foreman/pull/6889 added
Updated by Tomer Brisker over 4 years ago
- Category changed from Security to JavaScript stack
Actions