[Bug 1955556] Re: Javascript libraries with vulnerabilities

Corey Bryant 1955556 at bugs.launchpad.net
Tue Jan 25 21:57:18 UTC 2022


** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to horizon in Ubuntu.
https://bugs.launchpad.net/bugs/1955556

Title:
  Javascript libraries with vulnerabilities

Status in OpenStack Dashboard (Horizon):
  Invalid
Status in OpenStack Security Advisory:
  Won't Fix
Status in horizon package in Ubuntu:
  New

Bug description:
  A security scan executed by a customer detected javascript libraries
  with known vulnerabilities in horizon dashboard on focal ussuri
  (3:18.3.4-0ubuntu1):

  # libraries with vulnerabilities

  ## jQuery 1.12.4
  * https://github.com/jquery/jquery/issues/2432

  ## jQuery Migrate 1.2.1
  * http://bugs.jquery.com/ticket/11290

  ## AngularJS 1.5.8
  * https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a
  * https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19
  * https://nvd.nist.gov/vuln/detail/CVE-2020-7676

  
  The libraries are included via https://github.com/openstack/horizon/blob/stable/ussuri/requirements.txt

  Is it possible to update these libraries and release an updated
  package?

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1955556/+subscriptions



