[WEBUI-1523] [MARKED] SRCCLR-SID-6274 | Unknown - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: In Review
Priority: Minor
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Web UI

Epic Link:
Fix potential redos issue with the Marked library
Tags:
- nxui
- nxui-triaged
Sprint:
UI COOLDOWN - 2024-9, UI - 2024-9, UI COOLDOWN - 2024-11
Story Points:
3

Description

SRCCLR-SID-6274 | Unknown

Severity : Medium

marked is vulnerable to regular expression denial of service (ReDoS) attacks. A malicious user can pass a string that when parsed can cause a ReDoS.

Module : marked

nuxeo-web-ui.zip#zip:node_modules:marked

Current Version : 0.3.19

Recommended version to upgrade : 12.0.2 ( Latest )

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

image-2024-05-15-16-23-26-403.png
93 kB
2024-05-15 10:53
Screenshot from 2024-09-09 10-43-36.png
60 kB
2024-09-09 05:13

Issue Links

is cloned by

WEBUI-1524 [MARKED] SRCCLR-SID-6127 | Unknown

Open

Activity

People

Assignee:

rakesh.kumarsingh@contractors.onbase.com

Reporter:

Madhur Kulshrestha

Participants:

Madhur Kulshrestha, rakesh.kumarsingh@contractors.onbase.com

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2024-05-14 12:26

Updated:

2024-10-18 10:22

Time Tracking

Estimated:

Not Specified

Remaining:

0m

Logged:

1d 1h