Percona Monitoring and Management / PMM-6101

CVE-2020-7662: Update websocket-extensions to 0.1.4


    Details

    • Type: Bug
    • Status: Done
    • Priority: Low
    • Resolution: Fixed
    • Affects Version/s: 1.17.3
    • Fix Version/s: 1.17.4
    • Component/s: QAN App
    • Labels:
    • Story Points:
      1
    • Sprint:
      Platform Sprint 19, Platform Sprint 20
    • Needs Review:
      Yes
    • Needs QA:
      Yes
    • Needs Packaging:
      No
    • Needs Doc:
      No

      Description

      GitHub reported a moderate severity on some PMM components.

      Looks like this is a PMM1-only problem.

      https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions/

      https://github.com/advisories/GHSA-g78m-2chm-r7qv

       

      Automated PRs:

      https://github.com/percona/pmm-server/pull/214

      https://github.com/percona/qan-app/pull/387

      DOC: We should explain how this does NOT affect PMM users.

       


              People

              Assignee:
              Unassigned
              Reporter:
              roma.novikov Roma Novikov
              Votes:
              0
              Watchers:
              4

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Not Specified
                  Remaining:
                  Not Specified
                  Logged:
                  30m