  1. JOC - JobScheduler Operations Center
  2. JOC-1948

Update rollup (npm) due to 3rd Party vulnerability CVE-2024-47068

Details

    • Fix
    • Status: Released
    • Minor
    • Resolution: Fixed
    • 2.7.1
    • 2.7.2
    • None
    • None
    • CVE-2024-47068

    Description

      Current Situation

      • JS7 JOC Cockpit uses AngularJS and npm to build the JavaScript part of the web application.
      • The vulnerable package is not included with the JOC Cockpit application. This means that customers are not affected; only the SOS build environment is affected.

      Desired Behavior

      • The rollup package is no longer used by JOC Cockpit when building the software.
      • JS7 JOC Cockpit should use a newer version of the build tool npm that does not make use of the vulnerable package.

      Impact

      • We rate the impact to our software as zero.
      • The vulnerable component is involved only through the build framework npm, which is used to build the JavaScript web application; it is in no way used by or shipped with the application.
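
      One way to check a "build environment only" statement like the one above against an npm lockfile, as an added example that is not part of this issue or of the JOC Cockpit code base. It reads the `packages` map of a lockfile (lockfileVersion 2 or 3) and reports whether every installed copy of a package carries npm's `dev` flag; the sample lockfiles, their package names and their versions are constructed placeholders.

```javascript
// Added example, not JOC Cockpit code. Input is a parsed package-lock.json, e.g.
//   JSON.parse(fs.readFileSync("package-lock.json", "utf8"))

// Return every installed copy of `name`, top-level or nested.
function findPackage(lock, name) {
  const suffix = "node_modules/" + name;
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Exact tail match, so "node_modules/@rollup/pluginutils" is not counted as "rollup".
    if (path === suffix || path.endsWith("/" + suffix)) {
      hits.push({ path, version: meta.version, devOnly: meta.dev === true });
    }
  }
  return hits;
}

// True only if the package is present and npm flags every copy as dev-only,
// meaning it is reachable solely through devDependencies.
function isBuildOnly(lock, name) {
  const hits = findPackage(lock, name);
  return hits.length > 0 && hits.every((h) => h.devOnly);
}

// Constructed sample: rollup appears twice, both copies under the dev tree.
const buildOnlyLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", devDependencies: { "example-builder": "0.0.0" } },
    "node_modules/example-builder": { version: "0.0.0-example", dev: true },
    "node_modules/rollup": { version: "0.0.0-example", dev: true },
    "node_modules/example-builder/node_modules/rollup": { version: "0.0.1-example", dev: true },
    "node_modules/@rollup/pluginutils": { version: "0.0.0-example", dev: true },
  },
};

// Constructed sample: one copy is pulled in by a runtime dependency (no dev flag).
const shippedLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { "example-runtime": "0.0.0" } },
    "node_modules/example-runtime": { version: "0.0.0-example" },
    "node_modules/example-runtime/node_modules/rollup": { version: "0.0.0-example" },
  },
};

for (const [label, lock] of [["buildOnlyLock", buildOnlyLock], ["shippedLock", shippedLock]]) {
  console.log(label, findPackage(lock, "rollup"), "build-only:", isBuildOnly(lock, "rollup"));
}
```

      The `dev` flag only describes the install tree; comparing the reported versions against the advisory's fixed releases is a separate step.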

          People

            ZtRahul193 Rahul Patidar
            sp Santiago Aucejo Petzoldt
            Santiago Aucejo Petzoldt Santiago Aucejo Petzoldt