request #22603 Client denial of service via the syntax highlighting of ASCIIDoc content

Artifact

Infos

Artifact ID#22603

Submitted byThomas Gerbet (tgerbet)

Last Modified On2021-08-05 10:53

Submitted on2021-08-04 17:24

Rank24167

Details

Summary *

Client denial of service via the syntax highlighting of ASCIIDoc content

Original Submission

A ReDoS issue has been identified in PrismJS, the library Tuleap uses to do the syntax highlighting work.

Advisory: https://github.com/advisories/GHSA-gj77-59wh-66hg

CategoryOther

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2021-08-05

Attachments

Connected artifacts

Artifact links

Releases

Fixed in

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #20933	Tuleap	Releases	12.12	Delivered	2021-23-08 16:01	Manuel Vacelet (vaceletm)

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #22603

Git commit

tuleap/tuleap/stable

Merge commit 'refs/changes/09/23609/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 154d0e94fa

Yannis ROSSETTO (rossettoy) , 2021-08-05 10:52

request #22603: Client denial of service via the syntax highlighting of ASCIIDoc content 77cc652e20

Thomas Gerbet (tgerbet) , 2021-08-04 17:34

Show items referenced by request #22603

Referenced by request #22603

Artifact Tracker v5

rel #20933 12.12

Other

gerrit #23609

Follow-ups

Yannis ROSSETTO (rossettoy)

2021-08-05 10:53

Integrated into Tuleap 12.11.99.120

Status changed from Under review to Closed
Connected artifacts
- Added Fixed in: rel #20933
Close date set to 2021-08-05

Thomas Gerbet (tgerbet)

2021-08-04 17:37

Patch under review: gerrit #23609.

Status changed from Under implementation to Under review

Public