** Changed in: mahara
Status: New => Fix Committed
https://bugs.launchpad.net/bugs/2003988
Title:
glob-parent vulnerability
Status in Mahara:
Fix Committed
Bug description:
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of
Service in enclosure regex
- https://github.com/advisories/GHSA-ww39-953v-wcq6
- https://nvd.nist.gov/vuln/detail/CVE-2020-28469
- https://cwe.mitre.org/data/definitions/400.html
In our third-party libraries, we are waiting for gulp to update their
dependencies. However, it's been 3 years since their last update.
Unsure if they will.
Yet to be fixed: gulp - but not hopeful currently
https://twitter.com/gulpjs/status/1564430489473077248?cxt=HHwWgMCqjbrP_LUrAAAA
However, our CSS gets compiled from hardcoded sass files before webpages
get loaded.
[email protected] /.../.../code/mahara
├─┬ [email protected] 🚨
│ ├─┬ [email protected]
│ │ └─┬ [email protected]
│ │ └── [email protected] 🚨
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └── [email protected] deduped 🚨
└─┬ [email protected]
└─┬ [email protected]
└── [email protected] ✅