(Snyk)(LOW) Cross-site Scripting (XSS) due 9/3/19 #2944

Closed
1 task done
Tracked by #137
fec-jli opened this issue Jun 5, 2019 · 3 comments
Labels: Please review; Security: low (Remediate within 90 days); Security: moderate (Remediate within 60 days); Work: Back-end

Comments

fec-jli commented Jun 5, 2019

Summary

During Snyk scanning, found one low vulnerability in requirements.txt.
Cross-site Scripting (XSS)
Vulnerable module: django
Introduced through: django-libsass@0.7, django-jinja@2.4.1 and others

Detail: https://app.snyk.io/vuln/SNYK-PYTHON-DJANGO-174885

To do

  • Upgrade django to version 1.11.21, 2.1.9, 2.2.2 or higher.
jason-upchurch commented Jul 30, 2019

Issue dependent on solution to: #3023 (solution to related issue will resolve this issue).

@jason-upchurch

Upgrade to django@1.11.22 introduces 4 new medium severity vulnerabilities:

✗ Medium severity vulnerability found in django
  Description: Denial of Service (Memory Exhaustion)
  Info: https://snyk.io/vuln/SNYK-PYTHON-DJANGO-456540
  Introduced through: django@1.11.22, cg-django-uaa@1.3.0, django-jinja@2.4.1, django-libsass@0.7
  From: django@1.11.22
  From: cg-django-uaa@1.3.0 > django@1.11.22
  From: django-jinja@2.4.1 > django@1.11.22

✗ Medium severity vulnerability found in django
  Description: Denial of Service (DoS)
  Info: https://snyk.io/vuln/SNYK-PYTHON-DJANGO-456541
  Introduced through: django@1.11.22, cg-django-uaa@1.3.0, django-jinja@2.4.1, django-libsass@0.7
  From: django@1.11.22
  From: cg-django-uaa@1.3.0 > django@1.11.22
  From: django-jinja@2.4.1 > django@1.11.22
  and 1 more...

✗ Medium severity vulnerability found in django
  Description: Denial of Service (DoS)
  Info: https://snyk.io/vuln/SNYK-PYTHON-DJANGO-456542
  Introduced through: django@1.11.22, cg-django-uaa@1.3.0, django-jinja@2.4.1, django-libsass@0.7
  From: django@1.11.22
  From: cg-django-uaa@1.3.0 > django@1.11.22
  From: django-jinja@2.4.1 > django@1.11.22

✗ Medium severity vulnerability found in django
  Description: SQL Injection
  Info: https://snyk.io/vuln/SNYK-PYTHON-DJANGO-456566
  Introduced through: django@1.11.22, cg-django-uaa@1.3.0, django-jinja@2.4.1, django-libsass@0.7
  From: django@1.11.22
  From: cg-django-uaa@1.3.0 > django@1.11.22
  From: django-jinja@2.4.1 > django@1.11.22

Will upgrade to django@1.11.23. This issue is resolved by #3092.

@patphongs (Member)

Upgrade to django@1.11.23 has been merged in, closing...
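A check of a pinned Django version against the advisory's fixed releases, added here as an illustration; it is not code from the FEC repository or from Snyk. The fixed-version table comes from the first comment (1.11.21, 2.1.9, 2.2.2 or higher), the requirements lines are constructed, and the table is a parameter so the follow-up advisories in the second comment can be checked with their own fixed versions; treating an unlisted older branch (such as 2.0) as unpatched is this example's assumption.

```python
import re

# Fixed releases from the advisory the issue cites (SNYK-PYTHON-DJANGO-174885):
# first patched version on each affected Django branch; newer releases are fixed too.
FIXED_BY_BRANCH = {(1, 11): (1, 11, 21), (2, 1): (2, 1, 9), (2, 2): (2, 2, 2)}

# Constructed sample requirements (not the project's real file), modelled on the pins named above.
SAMPLE_REQUIREMENTS = """
# web framework and template integration
Django==1.11.20
django-jinja==2.4.1
django-libsass==0.7
""".splitlines()

NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9_.-]*)")
# Exact pin such as "Django[argon2]==1.11.20 ; python_version<'3'"; captures the version only.
PIN_RE = re.compile(r"^\s*[A-Za-z0-9][A-Za-z0-9_.-]*(?:\[[^\]]*\])?\s*==\s*([0-9][0-9.]*)")


def parse_version(text):
    """'1.11.20' -> (1, 11, 20); shorter strings are zero-padded ('1.11' -> (1, 11, 0))."""
    parts = [int(p) for p in text.strip(".").split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def is_fixed(version, fixed_by_branch=FIXED_BY_BRANCH):
    """True if `version` is at or above the fix for its branch, or above every listed fix."""
    branch = version[:2]
    if branch in fixed_by_branch:
        return version >= fixed_by_branch[branch]
    # Unlisted branch: newer than every fix counts as fixed ("or higher"); an older,
    # unlisted branch (e.g. 2.0, no longer supported) is assumed never to have been patched.
    return version > max(fixed_by_branch.values())


def check_requirements(lines, package="django", fixed_by_branch=FIXED_BY_BRANCH):
    """Return 'fixed', 'vulnerable', 'unpinned' or 'missing' for `package`."""
    for raw in lines:
        line = raw.split("#", 1)[0]  # drop trailing comments
        name = NAME_RE.match(line)
        if not name or name.group(1).lower() != package.lower():
            continue
        pin = PIN_RE.match(line)
        if not pin:
            return "unpinned"  # a range pin cannot be judged without a lock file
        return "fixed" if is_fixed(parse_version(pin.group(1)), fixed_by_branch) else "vulnerable"
    return "missing"
```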
