Bug #27103: update npm diff package due to security alert - Foreman

Actions

Copy link

Bug #27103

closed

update npm diff package due to security alert

Added by Ohad Levy over 5 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Ohad Levy

Category:

JavaScript stack

Target version:

Difficulty:

Triaged:

Yes

Bugzilla link:

Pull request:

https://github.com/theforeman/foreman/pull/6853, https://github.com/theforeman/foreman-packaging/pull/3902, https://github.com/theforeman/foreman/pull/6889

Fixed in Releases:

1.23.0

Found in Releases:

Red Hat JIRA:

Description

WS-2018-0590 More information
high severity
Vulnerable versions: < 3.5.0
Patched version: 3.5.0
A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

this was fixed at https://github.com/kpdecker/jsdiff/commit/2aec4298639bf30fb88a00b356bf404d3551b8c0

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Custom queries

Bug #27103

update npm diff package due to security alert

Updated by The Foreman Bot over 5 years ago

Updated by Ewoud Kohl van Wijngaarden over 5 years ago

Updated by Ohad Levy over 5 years ago

Updated by The Foreman Bot over 5 years ago

Updated by The Foreman Bot over 5 years ago

Updated by Tomer Brisker over 5 years ago