  1. JOC - JobScheduler Operations Center
  2. JOC-1889

Update elliptic 6.5.5 due to 3rd party vulnerabilities CVE-2024-42459, CVE-2024-42460, CVE-2024-42461

Details

    • Fix
    • Status: Released
    • Major
    • Resolution: Fixed
    • 2.5.9, 2.6.6, 2.7.1
    • 2.5.10, 2.6.7, 2.7.2
    • None
    • None
    • CVE-2024-42459, CVE-2024-42460, CVE-2024-42461

    Description

      Current Situation

      JS7 JOC Cockpit ships with elliptic 6.5.5, which has some vulnerabilities that were published on 2nd August, 2024.

      Desired Behavior

      JS7 JOC Cockpit should use a newer version of elliptic where those vulnerabilities are resolved.

      Impact

      The vulnerabilities in elliptic 6.5.5 could allow attackers to alter cryptographic signatures, leading to potential unauthorized access or data tampering. This compromises the security of JS7 JOC Cockpit and may expose sensitive information.

          People

            ZtRahul193 Rahul Patidar
            sp Santiago Aucejo Petzoldt
            Kanika Agrawal Kanika Agrawal
