Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Babel to >=2.9.1 #5962

Closed
zenmonkeykstop opened this issue May 26, 2021 · 0 comments · Fixed by #5968
Closed

Update Babel to >=2.9.1 #5962

zenmonkeykstop opened this issue May 26, 2021 · 0 comments · Fixed by #5968
Labels
release blocker
Milestone
2.0.0

Comments

@zenmonkeykstop
Copy link
Contributor

A vulnerability in Babel 2.9.0 has been found that allows for arbitrary code execution, as described here: https://www.tenable.com/security/research/tra-2021-14

Initial analysis of the vulnerability indicates that it isn't exploitable in SecureDrop, but as a matter of course the dependency should be updated in the next release.
@zenmonkeykstop zenmonkeykstop added this to the 2.0.0 milestone May 26, 2021
@eloquence eloquence added this to SecureDrop Sprint #71 (5/20-6/2) in SecureDrop Team Board May 26, 2021
@zenmonkeykstop zenmonkeykstop mentioned this issue Jun 2, 2021
Merged
7 tasks
@eloquence eloquence removed this from SecureDrop Sprint #71 (5/20-6/2) in SecureDrop Team Board Jun 3, 2021
@rmol rmol closed this as completed in #5968 Jun 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
release blocker
Projects
None yet
Milestone
2.0.0
Development

Successfully merging a pull request may close this issue.

Update Babel from 2.5.1 to 2.9.1 freedomofpress/securedrop
2 participants
@eloquence @zenmonkeykstop