Details
-
Bug
-
Status: Done
-
High
-
Resolution: Fixed
-
None
-
1
-
Yes
-
Yes
Description
https://github.com/advisories/GHSA-h9rv-jmmf-4pgx
https://github.com/percona/pmm-server/network/alert/password-page/package-lock.json/serialize-javascript/open
https://github.com/percona/qan-app/network/alert/package-lock.json/serialize-javascript/open
—
The serialize-javascript package was updated to version 2.1.1
because of the possibility of regular expressions cross-site scripting vulnerability in it (CVE-2019-16769). Please note PMM versions were not affected by this vulnerability, as the serialize-javascript package is used as a
build dependency only.