Percona Monitoring and Management / PMM-5650

CVE-2020-7598: Update ESLint's dependencies (acorn, minimist)

    Details

    • Type: Bug
    • Status: Done
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 1.17.3
    • Fix Version/s: 1.17.4
    • Component/s: PMM Server, QAN App
    • Labels:
    • Story Points:
      1
    • Sprint:
      Platform Sprint 12, Platform Sprint 13
    • Needs QA:
      Yes

      Description

      https://github.com/advisories/GHSA-7fhm-mqm4-2wp7

      Vulnerable versions: >= 6.0.0, < 6.4.1
      Patched version: 6.4.1

      There are high-severity security vulnerabilities in two of ESLint's dependencies:

      • acorn
      • minimist

      The releases 1.8.3 and lower of svjsl (JSLib-npm) are vulnerable, but only if installed in a developer environment. A patch has been released (v1.8.4) which fixes these vulnerabilities.

      Identifiers:

      CVE-2020-7598
      SNYK-JS-ACORN-559469 (doesn't have a CVE identifier)

      TODO:

      • Update all related PMM components
      • Update description to explain how PMM is affected

      Related PRs:

              People

              Assignee:
              roman.misyurin Roman Misyurin
              Reporter:
              roma.novikov Roma Novikov
              Votes:
              0
              Watchers:
              2

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Not Specified
                  Remaining:
                  Not Specified
                  Logged:
                  20m