Project

General

Profile

Actions
Copy link

Bug #40176

closed

mgr/dashboard: Known high severity security vulnerability detected in js-yaml < 3.13.1

Added by Ernesto Puerta almost 5 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
General
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Details: https://www.npmjs.com/advisories/813

Severity left to minor as after checking which packages use js-yaml, it turns out to come in as a dependency from build/dev-only packages: tslint (development tool), and build-angular via cosmiconfig.

Update suggested: js-yaml ~> 3.13.1.

Actions
Copy link
 #1

Updated by Tiago Melo over 4 years ago

  • Status changed from New to Closed

No longer happens.

Actions
Copy link
 #2

Updated by Ernesto Puerta about 3 years ago

  • Project changed from mgr to Dashboard
  • Category changed from 132 to General
Actions
Copy link

Also available in: Atom PDF