JOC - JobScheduler Operations Center / JOC-1433

Upgrade loader-utils to 3.2.1 due to 3rd Party vulnerability CVE-2022-37599

Details

    • Fix
    • Status: Released
    • Minor
    • Resolution: Fixed
    • 2.5.0
    • 2.5.1
    • None
    • None
    • CVE-2022-37599

    Description

      Current Situation

      JS7 JOC Cockpit currently uses the loader-utils 3.2.0 3rd-party component. A vulnerability affects this version, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37599.

      We rate this vulnerability as low because it does not affect usage in JOC Cockpit: no user inputs are processed which could produce such a crafted request.

      Desired Behavior

      JS7 JOC Cockpit should use loader-utils 3.2.1 which resolves the issue.

          People

            ztsa0019 Sourabh Agrawal
            sp Santiago Aucejo Petzoldt
            Pratishtha Pandey Pratishtha Pandey