| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Meta-marked 0.4.4 which we used from our git repository contains a
RegexDOS attack in the marked dependency. The dependency was already
updated in our meta-marked repository, but not updated in yarn.
This made us still vulnerable to this ReDOS which was able to cause a
DOS attack on the server when updating a note.
For Details:
https://github.com/markedjs/marked/releases/tag/v0.7.0
https://github.com/markedjs/marked/pull/1515
What is a ReDOS?
A ReDOS attack is a DOS attack where an attacker targets a
not-well-written Regular Expression. Regular expressions try to build a
tree of all possibilities it can match in order to figure out if the
given statement is valid or not. A ReDOS attack abuses this concept by
providing a statement that doesn't match but causes extremly huge trees
that simply lead to exhausting CPU usage.
For more details see: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS
Credit:
Huge thanks to @bitinerant for finding this and handling it with a
responsible disclosure.
Also thanks to the `marked`-team for fixing things already.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
|
| | |
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
I don't really like the way to go here, but I guess having those
forcefully upgraded is better than staying around with vulnerable
dependencies.
This patch fixes some vulnerbilities in dependencies that were
categories as high severity.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
|
| |
|
|
| |
Signed-off-by: MartB <mart.b@outlook.de>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| |
|
|
| |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| | |
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\ |
|
| | | |
|
| |/
|
|
|
| |
* Separate different config source to each files
* Freeze config object
|
| | |
|
