| Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JQUERY-565129
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|
This patch provides some major upgrades to all database backend library.
It also fixes an issues that appears since the change from sequelize v3
to v5 where mariadb was originally handled by mysql2 and is now handled
by an own mariadb library.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Meta-marked 0.4.4 which we used from our git repository contains a
RegexDOS attack in the marked dependency. The dependency was already
updated in our meta-marked repository, but not updated in yarn.
This made us still vulnerable to this ReDOS which was able to cause a
DOS attack on the server when updating a note.
For Details:
https://github.com/markedjs/marked/releases/tag/v0.7.0
https://github.com/markedjs/marked/pull/1515
What is a ReDOS?
A ReDOS attack is a DOS attack where an attacker targets a
not-well-written Regular Expression. Regular expressions try to build a
tree of all possibilities it can match in order to figure out if the
given statement is valid or not. A ReDOS attack abuses this concept by
providing a statement that doesn't match but causes extremly huge trees
that simply lead to exhausting CPU usage.
For more details see: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS
Credit:
Huge thanks to @bitinerant for finding this and handling it with a
responsible disclosure.
Also thanks to the `marked`-team for fixing things already.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
I don't really like the way to go here, but I guess having those
forcefully upgraded is better than staying around with vulnerable
dependencies.
This patch fixes some vulnerbilities in dependencies that were
categories as high severity.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
Signed-off-by: MartB <mart.b@outlook.de>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
