Details

    • Type: Bug
    • Status: Done
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.2.0
    • Component/s: PMM Server, QAN App
    • Labels:
    • Story Points:
      1
    • Sprint:
      Platform Sprint 5, Platform Sprint 6
    • Needs Review:
      Yes
    • Needs Doc:
      Yes

      Description

      https://github.com/advisories/GHSA-h9rv-jmmf-4pgx

      https://github.com/percona/pmm-server/network/alert/password-page/package-lock.json/serialize-javascript/open
      https://github.com/percona/qan-app/network/alert/package-lock.json/serialize-javascript/open

      The serialize-javascript package was updated to version 2.1.1
      because of the possibility of regular expressions cross-site scripting vulnerability in it (CVE-2019-16769). Please note PMM versions were not affected by this vulnerability, as the serialize-javascript package is used as a
      build dependency only.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            roma.novikov Roma Novikov
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - Not Specified
                Not Specified
                Logged:
                Time Spent - 1 hour, 15 minutes
                1h 15m

                  Smart Checklist