[Snyk: High] Regular Expression Denial of Service (ReDoS) (due 1/15/2021) #4266
Comments
We've run into issues with weaknesses in @patphongs any preference between removing
@rfultz Let's remove the ua-parser-js package from our code. Then close this issue as this vulnerability is not a risk due to it being behind an authenticated system.
@patphongs @rfultz FYI, this was still being flagged by Snyk, so I marked it as "not vulnerable" with the note
Regular Expression Denial of Service (ReDoS)
Vulnerable module: ua-parser-js
Fixed in: 0.7.23
Detailed paths and remediation
Introduced through: fec-cms@1.0.0 › ua-parser-js@0.7.22
Introduced through: fec-cms@1.0.0 › draft-js@0.11.7 › fbjs@2.0.0 › ua-parser-js@0.7.22
Remediation: Upgrade to ua-parser-js@0.7.23