[JOC-1949] Update body-parser (npm) due to 3rd Party vulerability CVE-2024-45590 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.7.1
Fix Version/s: 2.7.2
Component/s: None
Labels:
None

CVE-ID:
CVE-2024-45590

Description

Current Situation

JS7 JOC Cockpit uses AngularJS and npm to build the javascript part of the web application JS7 JOC Cockpit.
The vulnerable package is not included with the JOC Cockpit application. This means that customers are not affected, the SOS build environment only is affected.

Desired Behavior

The body-parser package is no longer used by JOC Cockpit when building the software.
JS7 JOC Cockpit should use a newer version of the build tool npm that does not make use of the vulnerable package

Impact

We rate the impact to our software as zero.
The vulnerable component is only related through the build framework npm to build the JavaScript web application and is in no way used by the application or shipped with the application .

Attachments

Activity

People

Assignee:: Rahul Patidar

Reporter:: Santiago Aucejo Petzoldt

Approver:: Santiago Aucejo Petzoldt

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 15 November 2024 09:32

Updated:: 15 November 2024 11:09

Resolved:: 15 November 2024 09:32