- Type: Bug
- Status: Done
- Priority: High
- Resolution: Fixed
- Affects Version/s: None
- Fix Version/s: 2.2.0
- Component/s: PMM Server, QAN App
- Labels:
- Story Points: 1
- Sprint: Platform Sprint 5, Platform Sprint 6
- Needs Review: Yes
- Needs Doc: Yes

https://github.com/advisories/GHSA-h9rv-jmmf-4pgx
https://github.com/percona/pmm-server/network/alert/password-page/package-lock.json/serialize-javascript/open
https://github.com/percona/qan-app/network/alert/package-lock.json/serialize-javascript/open
—
The serialize-javascript package was updated to version 2.1.1 because of a possible cross-site scripting vulnerability involving regular expressions (CVE-2019-16769). Please note that PMM versions were not affected by this vulnerability, as the serialize-javascript package is used as a build dependency only.