Update problematic admin interface libraries

Steps to reproduce

A few admin interface libraries have known security vulnerabilities.
Luckily, these are only used while building/testing Opencast making them
more or less uncritical.

  • https-proxy-agent (CVE-2018-3736):
    https-proxy-agent passes unsanitized options to Buffer(arg) resulting
    in DoS and uninitialized memory leak.

  • url-parse (CVE-2018-3774):
    Incorrect parsing in url-parse <1.4.3 returns wrong hostname which
    leads to multiple vulnerabilities such as SSRF, Op...

Assignee

Lars Kiesow

Reporter

Lars Kiesow

Severity

Security

Tags (folksonomy)

None

Components

Affects versions

Priority

Major
Configure