Uploaded image for project: 'Percona Monitoring and Management'
  1. Percona Monitoring and Management
  2. PMM-5089

CVE-2019-16769

    Details

    • Type: Bug
    • Status: Done
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.2.0
    • Component/s: PMM Server, QAN App
    • Labels:
    • Story Points:
      1
    • Sprint:
      Platform Sprint 5, Platform Sprint 6
    • Needs Review:
      Yes
    • Needs Doc:
      Yes

      Description

      https://github.com/advisories/GHSA-h9rv-jmmf-4pgx

      https://github.com/percona/pmm-server/network/alert/password-page/package-lock.json/serialize-javascript/open
      https://github.com/percona/qan-app/network/alert/package-lock.json/serialize-javascript/open

      The serialize-javascript package was updated to version 2.1.1
      because of the possibility of regular expressions cross-site scripting vulnerability in it (CVE-2019-16769). Please note PMM versions were not affected by this vulnerability, as the serialize-javascript package is used as a
      build dependency only.

        Smart Checklist

          Attachments

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                roma.novikov Roma Novikov
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - Not Specified
                  Not Specified
                  Logged:
                  Time Spent - 1 hour, 15 minutes
                  1h 15m