Check logs Sprint 17.4 week 1 (03/02/2022)

[pkfec]

Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

Ref: Check logs sprint 17.3 week 2

[fec-jli]

FEC-CMS:
package.json: 0

requirements.txt: 5 Medium, 3 Low
[Snyk:Medium]: django Denial of Service (DoS) will solve in fecgov/fec-cms#5030
[Snyk:Medium]: [django Access Restriction Bypass] will solve in fecgov/fec-cms#5030
[Snyk:Medium]: [django Cross-site Scripting (XSS)] will solve in fecgov/fec-cms#5030
[Snyk:Medium]: [pillow Improper Input Validation] will solve in fecgov/fec-cms#5071
[Snyk:Medium new]: [gitpython Regular Expression Denial of Service (ReDoS)] will solve in fecgov/fec-cms#5081

[Snyk:Low]: [django Directory Traversal]will solve in fecgov/fec-cms#5030
[Snyk:Low]: [django Information Exposure]will solve in fecgov/fec-cms#5030
[Snyk:Low]: [wagtail Information Exposure] will solve in fecgov/fec-cms#5043

OPEN-FEC:
package.json: 0

requirements.txt: 1 High, 2 Medium
[SNYK: High ] [ujson Out-of-Bounds Write] (#5058)
[Snyk: Medium]: [Celery Stored Command Injection] (#5017)
[Snyk: Medium new]: [gitpython Regular Expression Denial of Service (ReDoS)] (#5065)

flyway: 1 High, 3 Medium
[SNYK: High] Remote Code Execution (RCE) (#5059)
[SNYK: Medium new] com.fasterxml.jackson.core:jackson-databind Denial of Service (DoS) (#5064)
These two Medium issues are same due to
software.amazon.awssdk:netty-nio-client@2.17.53.
don't create ticket, wait until this ticket done: upgrade flyway then to check again:
[SNYK: Medium new]Improper Certificate Validation
[SNYK: Medium new]Unsafe Dependency Resolution

FEC-EREGS:
package.json: 0
requirements.txt: 0

FEC-PATTERN-LIBRARY:
package.json: None

Search logs:
No log results for "User change"

Cloud.gov Dashboard:
9 deployer accounts, same as last week.

Off-boarding:
None for this week