Reviewed: https://reviews.mahara.org/c/mahara/+/13662
Committed: https://git.mahara.org/mahara/mahara/commit/7b2a5f509f510dd13177edc78af7f3f0784bf6dd
Submitter: "Robert Lyon <[email protected]>"
Branch: main

commit 7b2a5f509f510dd13177edc78af7f3f0784bf6dd
Author: Doris Tam <[email protected]>
Date: Wed Jan 25 15:09:41 2023 +1300

    Bug 2003988: Compatible JS library updates and security for glob-parent for themes

    glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex
    - https://github.com/advisories/GHSA-ww39-953v-wcq6
    - https://nvd.nist.gov/vuln/detail/CVE-2020-28469
    - https://cwe.mitre.org/data/definitions/400.html

    Yet to be fixed: gulp
    However, our CSS gets compiled from hard-coded SASS files before webpages get loaded.

    Change-Id: If36e9f5df6b749574bc63154eff818ec707c1dec

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-28469

--
You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara.
Matching subscriptions: mahara-contributors
https://bugs.launchpad.net/bugs/2003988

Title:
  glob-parent vulnerability

Status in Mahara:
  Fix Committed

Bug description:
  glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex
  - https://github.com/advisories/GHSA-ww39-953v-wcq6
  - https://nvd.nist.gov/vuln/detail/CVE-2020-28469
  - https://cwe.mitre.org/data/definitions/400.html

  In our third-party libraries, we are waiting for gulp to update their dependencies. However, it's been 3 years since their last update. Unsure if they will.

  Yet to be fixed: gulp - but not hopeful currently
  https://twitter.com/gulpjs/status/1564430489473077248?cxt=HHwWgMCqjbrP_LUrAAAA

  However, our CSS gets compiled from hardcoded sass files before webpages get loaded.

  [email protected] /.../.../code/mahara
  ├─┬ [email protected] 🚨
  │ ├─┬ [email protected]
  │ │ └─┬ [email protected]
  │ │   └── [email protected] 🚨
  │ └─┬ [email protected]
  │   └─┬ [email protected]
  │     └── [email protected] deduped 🚨
  └─┬ [email protected]
    └─┬ [email protected]
      └── [email protected] ✅
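
Added example (not part of the original notification or of Mahara's code): a Node.js check that walks `npm ls --all --json` output and reports every dependency path ending in a glob-parent older than 5.1.2, the same view the tree in the bug description gives. The package names and versions in SAMPLE are constructed, and the function names are hypothetical.

```javascript
// Added example: flag glob-parent instances below 5.1.2 in `npm ls --all --json` output.
// Package names and versions in SAMPLE are constructed for illustration.

const FIXED = [5, 1, 2]; // first fixed release, per the bug description

// Parse "x.y.z" (ignoring any pre-release/build suffix) into [x, y, z].
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version a sorts strictly before version b.
function isBefore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Walk the dependency tree; return one finding per glob-parent instance.
function findGlobParent(node, path = [], out = []) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...path, `${name}@${dep.version}`];
    if (name === 'glob-parent') {
      const v = parseVersion(dep.version);
      // Unparseable versions are reported as vulnerable so they get reviewed.
      out.push({ path: here.join(' > '), vulnerable: !v || isBefore(v, FIXED) });
    }
    findGlobParent(dep, here, out);
  }
  return out;
}

// Constructed sample in the shape of `npm ls --json` output.
const SAMPLE = {
  name: 'example-project', version: '1.0.0',
  dependencies: {
    'build-tool': { version: '4.0.0', dependencies: {
      'watcher-a': { version: '2.0.0', dependencies: {
        'glob-parent': { version: '3.1.0' } } } } },
    'style-tool': { version: '9.0.0', dependencies: {
      'glob-parent': { version: '5.1.2' } } },
  },
};

for (const f of findGlobParent(SAMPLE)) {
  console.log(f.vulnerable ? 'VULNERABLE' : 'ok', f.path);
}
```

To run it against a real project, replace SAMPLE with the parsed JSON from `npm ls --all --json` executed in the project directory.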

