-
Notifications
You must be signed in to change notification settings - Fork 905
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2021-23490 (High) detected in parse-link-header
#1111
Comments
tmarkley
added
high severity
High severity CVE
cve
Security vulnerabilities detected by Dependabot or Mend
labels
Jan 7, 2022
Duplicate of #1069 |
tmarkley
removed
high severity
High severity CVE
cve
Security vulnerabilities detected by Dependabot or Mend
labels
Jan 14, 2022
AMoo-Miki
pushed a commit
to AMoo-Miki/OpenSearch-Dashboards
that referenced
this issue
Feb 10, 2022
AMoo-Miki
pushed a commit
to AMoo-Miki/OpenSearch-Dashboards
that referenced
this issue
Feb 10, 2022
# [28.2.0](elastic/elastic-charts@v28.1.0...v28.2.0) (2021-04-15) ### Bug Fixes * **xy:** consider `useDefaultGroupDomain` on scale config ([opensearch-project#1119](elastic/elastic-charts#1119)) ([269ff1a](elastic/elastic-charts@269ff1a)), closes [opensearch-project#1087](elastic/elastic-charts#1087) ### Features * **a11y:** allow user to pass custom description for screen readers ([opensearch-project#1111](elastic/elastic-charts#1111)) ([a0020ba](elastic/elastic-charts@a0020ba)), closes [#1097](elastic/elastic-charts#1097) * **partition:** add debuggable state ([opensearch-project#1117](elastic/elastic-charts#1117)) ([08f8baf](elastic/elastic-charts@08f8baf)), closes [opensearch-project#917](elastic/elastic-charts#917)
ananzh
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this issue
Mar 30, 2023
Issue Resolve opensearch-project#1111 Backport PR opensearch-project#1108 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
ananzh
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this issue
Mar 30, 2023
Issue Resolve opensearch-project#1111 Backport PR opensearch-project#1108 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
8 tasks
ananzh
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this issue
Mar 30, 2023
Issue Resolve opensearch-project#1111 Backport PR opensearch-project#1108 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
abbyhu2000
pushed a commit
that referenced
this issue
Apr 11, 2023
…) (#3820) Issue Resolve #1111 Backport PR #1108 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> (cherry picked from commit 6af2ae2) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
GHSA-q674-xm3x-2926 - High Severity Vulnerability
Vulnerable Library - parse-link-header@1.0.1
Parses a link header and returns paging information for each contained link.
Library home page: https://www.npmjs.com/package/parse-link-header
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
The package
parse-link-header
before2.0.0
are vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function.Publish Date: 2021-12-24
URL: CVE-2021-23490
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: thlorenz/parse-link-header#25
Release Date: 2022-01-06
Fix Resolution: parse-link-header - 2.0.0
The text was updated successfully, but these errors were encountered: