[JOC-1433] Upgrade loader-utils to 3.2.1 due to 3rd Party vulnerability CVE-2022-37599 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.5.0
Fix Version/s: 2.5.1
Component/s: None
Labels:
None

CVE-ID:
CVE-2022-37599

Description

Current Situation

JS7 JOC Cockpit currently uses the loader-utils 3.2.0 3rd-party component. A vulnerability affects this version, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37599.

We rate this vulnerability as low as it does not affect usage in JOC Cockpit, as there are no user inputs processed which could produce such a crafted request.

Desired Behavior

JS7 JOC Cockpit should use loader-utils 3.2.1 which resolves the issue.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

vulnerability.png
29 November 2022 12:50
53 kB
Pratishtha Pandey

Activity

People

Assignee:: Sourabh Agrawal

Reporter:: Santiago Aucejo Petzoldt

Approver:: Pratishtha Pandey

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 24 November 2022 09:29

Updated:: 21 December 2022 08:15

Resolved:: 25 November 2022 06:20