PRISMA-2022-0039 - High vulnerability #329

AKhares · 2022-02-24T12:00:32Z

What happened: Vulnerability PRISMA-2022-0039 is found in scan.

What you expected to happen: Need to fix this security risk

How to reproduce it (as minimally and precisely as possible): Its coming in twistlock scan

Report details:

CVE ID	Compliance ID	Type	Severity	Packages	Source Package	Package Version	Package License	CVSS	Fix Status	Fix Date	Grace Days	Vulnerability Tags	Description	Cause	Published	Custom Labels	Vulnerability Link
PRISMA-2022-0039	49	javascript	high	minimatch		3.0.4	ISC	7.5	fixed in 3.0.5				minimatch package versions before 3.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS). It's possible to cause a denial of service when calling function braceExpand (The regex /\{.*\}/ is vulnerable and can be exploited).				isaacs/minimatch@`a8763f4`

Anything else we need to know?: N/A

Environment: N/A

Grafana Image Renderer version: 3.4.0
Grafana version: N/A
Installed plugin or remote renderer service: N/A
OS Grafana Image Renderer is installed on: N/A
User OS & Browser: N/A
Others:

The text was updated successfully, but these errors were encountered:

tcullum-rh · 2022-06-01T19:42:33Z

Why does the CVE ID say PRISMA-2022-0039? PRISMA-2022-0039 is not a valid CVE ID. Is there a valid CVE for this?

…dejs12 runtime (#1090) This PR contains two changes: 1. Fixes a security vuln with the minimatch package (identified by github). More details below 2. Upgrades the aws nodejs runtime past the now End-of-support nodejs12 runtime, which the tflint complained about after fixing the above security vuln # Package Dependency - Repository: [pytorch/test-infra](https://github.com/pytorch/test-infra) - Manifest file: [terraform-aws-github-runner/modules/webhook/lambdas/webhook/yarn.lock](https://github.com/pytorch/test-infra/blob/main/terraform-aws-github-runner/modules/webhook/lambdas/webhook/yarn.lock) - Package name: [minimatch](https://npmjs.com/package/minimatch) - Affected versions: < 3.0.5 - Fixed in version: 3.0.5 - Severity: HIGH # References https://nvd.nist.gov/vuln/detail/CVE-2022-3517 grafana/grafana-image-renderer#329 isaacs/minimatch@a8763f4 nodejs/node#42510 GHSA-f8q6-p94x-37v3

AgnesToulet mentioned this issue Mar 14, 2022

Security: upgrade dependencies #337

Merged

AgnesToulet closed this as completed in #337 Mar 23, 2022

TheKingTermux mentioned this issue Oct 24, 2022

minimatch ReDoS vulnerability TheKingTermux/alice#167

Closed

4 tasks

sjgupta19 mentioned this issue Oct 26, 2022

False positive. Detecting CVE-2022-3517 when fixed aquasecurity/trivy#3082

Closed

2 tasks

ZainRizvi mentioned this issue Nov 16, 2022

Upgrade to secure version of minimatch & upgrade deprecated lambda nodejs12 runtime pytorch/test-infra#1090

Merged

debricked bot mentioned this issue Mar 10, 2023

Fix CVE–2022–3517 harry720320/example-jenkins#1

Open

ahernandez111 mentioned this issue Mar 15, 2023

high vulnerability issue in dependent package minimatch mysticatea/npm-run-all#252

Open

debricked bot mentioned this issue Jul 3, 2023

Fix CVE–2022–3517 CODING123-qw/Next.js#2

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PRISMA-2022-0039 - High vulnerability #329

PRISMA-2022-0039 - High vulnerability #329

AKhares commented Feb 24, 2022

tcullum-rh commented Jun 1, 2022

PRISMA-2022-0039 - High vulnerability #329

PRISMA-2022-0039 - High vulnerability #329

Comments

AKhares commented Feb 24, 2022

tcullum-rh commented Jun 1, 2022