
fix: upgrade body-parser to >=1.20.3 to fix CVE-2024-45590 DoS attacks #3657

Open
petermetz opened this issue Nov 28, 2024 · 0 comments · May be fixed by #3658
Labels: bug (Something isn't working), P1 (Priority 1: Highest), Security (Related to existing or potential security vulnerabilities)

@petermetz (Contributor)

Description

Dependabot is not able to resolve this (seemingly) simple vulnerability issue, so we have to get in there and manually bump body-parser.

https://github.com/hyperledger-cacti/cacti/security/dependabot/1218

CVE ID
CVE-2024-45590

GHSA ID
GHSA-qwcr-r2fm-qrc7


Acceptance Criteria

  1. All versions are above or equal to 1.20.3
  2. Tests are still passing
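As an added example, not part of this issue or the Cacti code base, the following script checks acceptance criterion 1 against a lockfile: it assumes an npm `package-lock.json` with `lockfileVersion` 2 or 3 and walks every resolved copy of `body-parser`, including nested transitive copies that a single top-level bump leaves untouched, using a constructed sample lockfile embedded inline.

```javascript
// Added example (not from the Cacti repository): scan a package-lock.json
// (lockfileVersion 2/3 "packages" map) for every resolved copy of body-parser,
// including transitive copies nested under other packages, and report any
// copy whose version is below the fixed release 1.20.3 (CVE-2024-45590).
const FIXED_VERSION = "1.20.3";

// Compare two dotted semver versions numerically (pre-release tags ignored).
// Returns -1, 0 or 1.
function compareSemver(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Return the lockfile entries (path + version) whose package name is `name`
// and whose version is below `minVersion`.
function findVulnerable(lock, name, minVersion) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/express/node_modules/body-parser"; the
    // package name is the segment after the last "node_modules/".
    const segments = path.split("node_modules/");
    const pkgName = segments[segments.length - 1];
    if (path === "" || pkgName !== name || !entry.version) continue;
    if (compareSemver(entry.version, minVersion) < 0) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: the top-level copy is fixed, but express still
// pins an older nested copy that a single top-level bump does not touch.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "0.0.1" },
    "node_modules/body-parser": { version: "1.20.3" },
    "node_modules/express": { version: "4.19.2" },
    "node_modules/express/node_modules/body-parser": { version: "1.20.2" },
  },
};

for (const f of findVulnerable(SAMPLE_LOCK, "body-parser", FIXED_VERSION)) {
  console.log(`${f.path}: ${f.version} is below ${FIXED_VERSION}`);
}
```

To run it against a real lockfile, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; an empty result means every resolved copy satisfies the acceptance criterion.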
@petermetz petermetz added bug Something isn't working Security Related to existing or potential security vulnerabilities labels Nov 28, 2024
@petermetz petermetz added this to the v2.1.0 milestone Nov 28, 2024
@petermetz petermetz self-assigned this Nov 28, 2024
@petermetz petermetz added the P1 Priority 1: Highest label Nov 28, 2024
petermetz added a commit to petermetz/cacti that referenced this issue Nov 28, 2024
Dependabot is not able to resolve this (seemingly) simple vulnerability
issue, so we have to get in there and manually bump `body-parser`.

https://github.com/hyperledger-cacti/cacti/security/dependabot/1218

CVE ID
CVE-2024-45590

GHSA ID
GHSA-qwcr-r2fm-qrc7

Fixes hyperledger-cacti#3657

Signed-off-by: Peter Somogyvari <[email protected]>