
POSTCSS 12012023 - Improper Input Validation #4545

Closed
1 task done
Jin-Sun-tts opened this issue Dec 1, 2023 · 2 comments
Labels: bug (Software defect or bug), compliance (Relating to security compliance or documentation), O&M (Operations and maintenance tasks for the Data.gov platform)

Comments


Jin-Sun-tts commented Dec 1, 2023

Please keep any sensitive details in Google Drive.

Date of report: 2023-12-01
Severity: Moderate
Due date: 2024-03-01

Due date is based on severity and described in RA-5: 15 days for Critical, 30 days for High, and 90 days for Moderate and lower.

  • Analysis has been performed and an issue has been linked to address other occurrences for this class of vulnerability* (link)

* When a finding is identified, we create two issues. One to address the specific instance identified in the report. The other is to identify and address all other occurrences of this vulnerability within the application.

Brief description

https://docs.google.com/document/d/1rW0VOzfCrjXOI0O1gTAOm225_fTbu5Cjrg7yJTYYBBg/edit#bookmark=kix.aujuf67rbe01

@Jin-Sun-tts Jin-Sun-tts added compliance Relating to security compliance or documentation bug Software defect or bug labels Dec 1, 2023
@FuhuXia FuhuXia added this to the February 2024 milestone Dec 1, 2023
@gujral-rei gujral-rei moved this to 🧊 Icebox in data.gov team board Dec 7, 2023
@gujral-rei gujral-rei moved this from 🧊 Icebox to 📟 Sprint Backlog [7] in data.gov team board May 30, 2024
@hkdctol hkdctol added the O&M Operations and maintenance tasks for the Data.gov platform label Jun 6, 2024

hkdctol commented Jun 6, 2024

Test if pinning to exact fixed version solves problem or investigate if Snyk is not reporting properly in this instance.

@Jin-Sun-tts Jin-Sun-tts self-assigned this Jun 27, 2024
@Jin-Sun-tts Jin-Sun-tts moved this from 📟 Sprint Backlog [7] to 🏗 In Progress [8] in data.gov team board Jun 27, 2024
Jin-Sun-tts (Contributor, Author) commented

The INFLIGHT one is related to a memory leak, which does not affect the static site.

The other one, POSTCSS: we are on the fixed version (8.4.38) for the main dependency, but some other dependencies in the lockfile depend on postcss@7, which does not have backported fixes. See postcss/postcss#1890.
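The situation in the comment above (top-level postcss on the fixed 8.4.38 while a transitive dependency still resolves postcss@7) can be checked mechanically from the lockfile. The script below is an added example, not code from the data.gov repository or the issue; it assumes the npm lockfile v2/v3 layout (a `packages` object keyed by install path) and uses a constructed sample lockfile with a hypothetical `old-plugin` package.

```javascript
// Added example (not from the data.gov issue or its repository): list every
// resolved copy of a package in an npm lockfile and flag those below the
// version the advisory says is fixed. Lockfile v2/v3 layout is assumed
// ("packages" keyed by install path); the sample lockfile is constructed.

// Compare two dotted version strings numerically (no prerelease handling,
// which is enough for the postcss 7.x vs 8.4.38 case discussed above).
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk lockfile.packages and return every install path whose last
// segment is `name`, with its version and whether it is below `fixed`.
function findVulnerableCopies(lockfile, name, fixed) {
  const hits = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    if (path !== `node_modules/${name}` && !path.endsWith(`/node_modules/${name}`)) continue;
    hits.push({
      path,
      version: meta.version,
      vulnerable: compareVersions(meta.version, fixed) < 0,
      // a dev-only copy does not ship in a static build; record it anyway
      dev: Boolean(meta.dev),
    });
  }
  return hits;
}

// Constructed lockfile: the top-level postcss is on the fixed release while a
// (hypothetical) transitive dependency still pulls in a 7.x copy with no backport.
const sampleLockfile = {
  lockfileVersion: 3,
  packages: {
    'node_modules/postcss': { version: '8.4.38' },
    'node_modules/old-plugin': { version: '1.0.0', dev: true },
    'node_modules/old-plugin/node_modules/postcss': { version: '7.0.39', dev: true },
  },
};

const report = findVulnerableCopies(sampleLockfile, 'postcss', '8.4.38');
for (const r of report) {
  console.log(`${r.path} ${r.version} ${r.vulnerable ? 'BELOW FIX' : 'ok'}${r.dev ? ' (dev)' : ''}`);
}
```

To run it against a real project, replace `sampleLockfile` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; each flagged non-top-level path names the parent package whose own dependency range still allows the old major.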

@github-project-automation github-project-automation bot moved this from 🏗 In Progress [8] to ✔ Done in data.gov team board Jul 1, 2024
@hkdctol hkdctol moved this from ✔ Done to 🗄 Closed in data.gov team board Jul 3, 2024