[JOC-1562] Update JOC Cockpit GUI to Angular 16.1 due to 3rd-party vulnerabilities (CVE-2023-26118, CVE-2023-26117, CVE-2023-26116) - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Medium
Resolution: Fixed
Affects Version/s: 2.0.0
Fix Version/s: 2.5.4, 2.6.1
Component/s: JOC Cockpit GUI
Labels:
None

CVE-ID:
CVE-2023-26116, CVE-2023-26117, CVE-2023-26118

Description

Current Situation

The JS7 JOC Cockpit GUI makes use of Angular 14.3. The following vulnerabilities affect this version:

Risk Mitigation

SOS rates the vulnerabilities being of low risk. There is no exploit for the vulnerabilities.
The JOC Cockpit does not make use of the functions vulnerable to regular expression attacks.

Fix

Fixes will become available with next maintenance releases.
This includes to migrate the JOC Cockpit GUI to Angular 16.1

Attachments

Activity

People

Assignee:: Sourabh Agrawal

Reporter:: Andreas Püschel

Approver:: Kanika Agrawal

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22 June 2023 06:49

Updated:: 27 July 2023 16:19

Resolved:: 10 July 2023 15:01