  1. JOC - JobScheduler Operations Center
  2. JOC-1281

Update Angular async package 2.6.2 to 3.2.2 due to 3rd party vulnerability issue CVE-2021-43138


Details

    • CVE-2021-43138

    Description

      Vulnerability

      Risk Mitigation

      • Prototype Pollution
        • In JavaScript, prototypes define an object’s structure and properties so that the application knows how to deal with the data. However, modifying a prototype in one place affects how objects behave throughout the entire application.
        • The JOC Cockpit does not make use of dynamic prototype modification. Methods that clone, merge and extend objects are used; however, they are not accessible to user input.
      • Severity
        • SOS consider this a minor vulnerability for JOC Cockpit as there is no exploit based on user input.


          People

            ztsa0019 Sourabh Agrawal
            ap Andreas Püschel
            Kanika Agrawal Kanika Agrawal