Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #9913 Potential regular expression denial of service through Tuleap Realtime dependencies
    Actions
    Infos
    #9913
    Thomas Gerbet (tgerbet)
    2017-01-30 13:20
    2017-01-30 09:15
    10206
    Details
    Potential regular expression denial of service through Tuleap Realtime dependencies
    Tuleap Realtime has a dependency to convict < 2 which himself depends on a vulnerable version of moment [1]

    In our context it is not really exploitable but potentially vulnerable dependencies should be updated.


    [1] https://github.com/moment/moment/commit/663f33e333212b3800b63592cd8e237ac8fabdb9
    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Under implementation
    Empty
    Attachments
    Artifact links
    Empty
    Empty
    References
    Referenced by request #9913

    Other

    gerrit #7544
    Display settings

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2017-01-30 13:20
    We can not update to moment 2 until we have a NodeJS >= 4 which is not the case on CentOS 6 with the EPEL repo.