CVE-2021-23424 (High) detected in ansi-html-0.0.7.tgz #1065
Labels: cve (Security vulnerabilities detected by Dependabot or Mend), high severity (High severity CVE), Mend: dependency security vulnerability (Security vulnerability detected by Mend), v2.0.0
Comments
mend-for-github-com (bot) added the "Mend: dependency security vulnerability" (Security vulnerability detected by Mend) label, Jan 4, 2022
tmarkley added the "high severity" (High severity CVE) and "cve" (Security vulnerabilities detected by Dependabot or Mend) labels, Jan 4, 2022
Need to upgrade |
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this issue, Feb 9, 2022

* Upgrades `webpack-cli` from v3.3.10 to v4.9.2
  * [CHANGELOG](https://github.com/webpack/webpack-cli/blob/webpack-cli%404.9.2/CHANGELOG.md)
  * `webpack-cli` changed the way that the `--env` flag is parsed. See webpack/webpack-cli#1216 for more information.
* Upgrades `webpack-dev-server` from v3.11.2 to v4.7.4
  * [CHANGELOG](https://github.com/webpack/webpack-dev-server/blob/v4.7.4/CHANGELOG.md)
  * [Migration guide](https://github.com/webpack/webpack-dev-server/blob/master/migration-v4.md)

Resolves opensearch-project#1065

Signed-off-by: Tommy Markley <markleyt@amazon.com>
AMoo-Miki pushed a commit to AMoo-Miki/OpenSearch-Dashboards that referenced this issue, Feb 10, 2022
AMoo-Miki pushed a commit to AMoo-Miki/OpenSearch-Dashboards that referenced this issue, Feb 10, 2022

# [25.2.0](elastic/elastic-charts@v25.1.1...v25.2.0) (2021-03-09)

### Bug Fixes

* **tooltip:** add boundary padding ([opensearch-project#1065](elastic/elastic-charts#1065)) ([5606eba](elastic/elastic-charts@5606eba))

### Features

* **partition:** flame and icicle performance and tweening ([opensearch-project#1041](elastic/elastic-charts#1041)) ([2ac7550](elastic/elastic-charts@2ac7550))
tmarkley pushed a commit that referenced this issue, Feb 11, 2022

* Upgrades `webpack-cli` from v3.3.10 to v4.9.2
  * [CHANGELOG](https://github.com/webpack/webpack-cli/blob/webpack-cli%404.9.2/CHANGELOG.md)
  * `webpack-cli` changed the way that the `--env` flag is parsed. See webpack/webpack-cli#1216 for more information.
* Upgrades `webpack-dev-server` from v3.11.2 to v4.7.4
  * [CHANGELOG](https://github.com/webpack/webpack-dev-server/blob/v4.7.4/CHANGELOG.md)
  * [Migration guide](https://github.com/webpack/webpack-dev-server/blob/master/migration-v4.md)

Resolves #1065

Signed-off-by: Tommy Markley <markleyt@amazon.com>
CVE-2021-23424 - High Severity Vulnerability
Vulnerable Library - ansi-html-0.0.7.tgz
An elegant lib that converts the chalked (ANSI) text to HTML.
Library home page: https://registry.npmjs.org/ansi-html/-/ansi-html-0.0.7.tgz
Dependency Hierarchy:
Found in HEAD commit: 4fd064970b66ce555f48c22dfab6ed965d0e260a
Found in base branch: main
Vulnerability Details
This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.
Publish Date: 2021-08-18
URL: CVE-2021-23424
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-23424
Release Date: 2021-08-18
Fix Resolution: VueJS.NetCore - 1.1.1;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;NorDroN.AngularTemplate - 0.1.6;CoreVueWebTest - 3.0.101;dotnetng.template - 1.0.0.4;Fable.Template.Elmish.React - 0.1.6;SAFE.Template - 3.0.1;GR.PageRender.Razor - 1.8.0;Envisia.DotNet.Templates - 3.0.1