Details

    • Bug
    • Status: Done
    • High
    • Resolution: Fixed
    • None
    • 2.2.0
    • PMM Server, QAN App
    • 1
    • Platform Sprint 5, Platform Sprint 6
    • Yes
    • Yes

    Description

      https://github.com/advisories/GHSA-h9rv-jmmf-4pgx

      https://github.com/percona/pmm-server/network/alert/password-page/package-lock.json/serialize-javascript/open
      https://github.com/percona/qan-app/network/alert/package-lock.json/serialize-javascript/open

      The serialize-javascript package was updated to version 2.1.1
      because of the possibility of regular expressions cross-site scripting vulnerability in it (CVE-2019-16769). Please note PMM versions were not affected by this vulnerability, as the serialize-javascript package is used as a
      build dependency only.

      Attachments

        Activity

          People

            Unassigned Unassigned
            roma.novikov Roma Novikov
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - Not Specified
                Not Specified
                Logged:
                Time Spent - 1 hour, 15 minutes
                1h 15m

                Smart Checklist