Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security issue serialize-javascript prior to 3.1.0 allows remote attackers #17912

Closed
marinaua opened this issue Jun 11, 2020 · 2 comments Β· Fixed by #17918 or #17917
Closed

Security issue serialize-javascript prior to 3.1.0 allows remote attackers #17912

marinaua opened this issue Jun 11, 2020 · 2 comments Β· Fixed by #17918 or #17917
Labels
area: devkit/build-angular freq3: high severity6: security type: bug/fix
Milestone
Backlog

Comments

@marinaua
Copy link

marinaua commented Jun 11, 2020
edited

πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘

@angular-devkit/build-angular/0.901.8 Β» terser-webpack-plugin/2.3.5
Β» serialize-javascript/2.1.2

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".

πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘
@ngbot ngbot bot added this to the Backlog milestone Jun 12, 2020
This was referenced Jun 12, 2020
Merged
Merged
This was linked to pull requests Jun 12, 2020
fix(@angular-devkit/build-angular): update terser-webpack-plugin to 3.0.3 #17918
Merged
fix(@angular-devkit/build-angular): update terser-webpack-plugin to 3.0.3 #17917
Merged
alan-agius4 added a commit that referenced this issue Jun 12, 2020
@alan-agius4
fix(@angular-devkit/build-angular): update terser-webpack-plugin to 3…
a80ba19 
….0.3

Fixes security issue serialize-javascript prior to 3.1.0 allows remote attackers

Closes #17912
alan-agius4 added a commit that referenced this issue Jun 12, 2020
@alan-agius4
fix(@angular-devkit/build-angular): update terser-webpack-plugin to 3…
955904c 
….0.3

Fixes security issue serialize-javascript prior to 3.1.0 allows remote attackers

Closes #17912
@alan-agius4
Copy link
Collaborator

Closed via #17918

This was referenced Jun 17, 2020
Merged
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Merged
Closed
This was referenced Jun 18, 2020
Closed
Closed
Closed
Closed
Closed
Merged
Merged
@dependabot dependabot bot mentioned this issue Jun 19, 2020
Merged
@dependabot-preview dependabot-preview bot mentioned this issue Jun 19, 2020
Closed
@dependabot dependabot bot mentioned this issue Jun 19, 2020
Merged
This was referenced Jun 19, 2020
Closed
Closed
Merged
Closed
Closed
Merged
Closed
Closed
Closed
Merged
Closed
Merged
Closed
Closed
Closed
Closed
Closed
Closed
@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Jul 14, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area: devkit/build-angular freq3: high severity6: security type: bug/fix
Projects
None yet
Milestone
Backlog
2 participants
@marinaua @alan-agius4