AngularJS 1.7.9 Security Update #1245

Merged
merged 1 commit into from Nov 27, 2019

@lkiesow lkiesow commented Nov 25, 2019

Sourced from The GitHub Security Advisory Database.

High severity vulnerability that affects angular
In AngularJS before 1.7.9 the function merge() could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

Affected versions: ["< 1.7.9"]

This is similar to pull request #1229 but needed a manual patch since
this is part of the deprecated bower dependency management.

Your pull request should…

  • have a concise title
  • close an accompanying issue if one exists
  • be against the correct branch (features can only go into develop)
  • include migration scripts and documentation, if appropriate
  • pass automated testing
  • have a clean commit history
  • have proper commit messages (title and body) for all commits
  • have appropriate tags applied

@lkiesow added the bug, dependencies, ELAN and security labels on Nov 25, 2019
@gregorydlogan gregorydlogan self-assigned this Nov 27, 2019
@gregorydlogan gregorydlogan merged commit 42d26e4 into opencast:r/8.x Nov 27, 2019
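
The class of bug the quoted advisory describes, as an added example that is not AngularJS source and not part of this pull request: `naiveMerge` is a simplified stand-in for a recursive merge, and `safeMerge` shows one common mitigation (skipping prototype-related keys and only descending into own properties). All function names and the JSON input are constructed for illustration.

```javascript
'use strict';

const isObj = (v) => v !== null && typeof v === 'object';

// Simplified recursive merge written for this example (plain objects only).
// It treats "__proto__" like any other key, so dst["__proto__"] resolves to
// Object.prototype and the recursion writes into it.
function naiveMerge(dst, src) {
  for (const key of Object.keys(src)) {
    const val = src[key];
    if (isObj(val)) {
      if (!isObj(dst[key])) dst[key] = {};
      naiveMerge(dst[key], val);
    } else {
      dst[key] = val;
    }
  }
  return dst;
}

// Hardened form: refuse keys that reach the prototype chain, and only
// descend into objects that are the destination's own properties.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(dst, src) {
  for (const key of Object.keys(src)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const val = src[key];
    if (isObj(val)) {
      const own = Object.prototype.hasOwnProperty.call(dst, key);
      if (!own || !isObj(dst[key])) dst[key] = {};
      safeMerge(dst[key], val);
    } else {
      dst[key] = val;
    }
  }
  return dst;
}

// Runs one merge over constructed untrusted JSON and reports whether an
// unrelated, freshly created object picked up the injected property.
function demo(mergeFn) {
  const untrusted = JSON.parse('{"name":"x","__proto__":{"polluted":true}}');
  const target = mergeFn({}, untrusted);
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted; // reset global state between runs
  return { leaked, name: target.name };
}

console.log('naive:', demo(naiveMerge), 'safe:', demo(safeMerge));
```

`JSON.parse` matters here because it creates `__proto__` as an own enumerable property, which is why the key shows up in `Object.keys()` for data that arrived as JSON.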