Uploaded image for project: 'Opencast'
  1. Opencast
  2. MH-13070

Update JS build and test libraries

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed and reviewed
    • Affects Version/s: 6.0
    • Fix Version/s: 6.0
    • Component/s: Administrative User Interface
    • Labels:
      None
    • Severity:
      Security
    • Steps to reproduce:
      Hide
      This patch updates a couple of build and test libraries used in
      Opencast's administrative user interface.

      The updates also fix an (uncritical) security vulnerability in one of
      the libraries which gets replaced by this patch:

      - timespan (CVE-2017-16115):
        The timespan module is vulnerable to regular expression denial of
        service. Given 50k characters of untrusted user input it will block
        the event loop for around 10 seconds.
      Show
      This patch updates a couple of build and test libraries used in Opencast's administrative user interface. The updates also fix an (uncritical) security vulnerability in one of the libraries which gets replaced by this patch: - timespan (CVE-2017-16115):   The timespan module is vulnerable to regular expression denial of   service. Given 50k characters of untrusted user input it will block   the event loop for around 10 seconds.

      TestRail: Results

        Attachments

          Activity

            People

            • Assignee:
              lkiesow Lars Kiesow
              Reporter:
              lkiesow Lars Kiesow
            • Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                TestRail: Cases