Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2020-7729 #750

Open
rsoika opened this issue Jul 6, 2021 · 1 comment
Open

CVE-2020-7729 #750

rsoika opened this issue Jul 6, 2021 · 1 comment
Labels
bug

Comments

@rsoika
Copy link
Member

rsoika commented Jul 6, 2021

grunt vulnerability found in …/imixs/package.json on May 7
Remediation

Upgrade grunt to version 1.3.0 or later. For example:

"dependencies": {
"grunt": ">=1.3.0"
}

or…

"devDependencies": {
"grunt": ">=1.3.0"
}

Always verify the validity and compatibility of suggestions with your codebase.
Details
CVE-2020-7729
high severity
Vulnerable versions: < 1.3.0
Patched version: 1.3.0

Effected File:

https://github.com/imixs/imixs-workflow/blob/master/imixs-workflow-faces/src/main/resources/META-INF/resources/imixs/jquery/themes/imixs/package.json
@rsoika rsoika added the bug label Jul 6, 2021
@rsoika rsoika added this to the 6.0.1 milestone Jul 6, 2021
@rsoika
Copy link
Member Author

rsoika commented Jul 6, 2021

Seems to be impossible to upgrade as the latest official version of jqueryUI 1.12.1still contains this outdated grunt version
See: https://jqueryui.com/

@rsoika rsoika removed this from the 6.0.1 milestone Jan 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rsoika