  1. JOC - JS7 Operations Center
  2. JOC-2121

Upgrade dompurify to 3.2.6 due to 3rd party vulnerability CVE-2025-48050


Details

    • Fix
    • Status: Released
    • Minor
    • Resolution: Fixed
    • 2.7.5, 2.8.0
    • 2.7.6, 2.8.1
    • None
    • None
    • CVE-2025-48050

    Description

      Current Situation

      Currently JS7 JOC-Cockpit ships with dompurify 3.2.4, which is affected by CVE-2025-48050.

      We rate the impact on our software as low, as dompurify is an optional dependency of jsPDF and is not directly consumed in our software; our implementation does not rely on dompurify features.

      Desired Behavior

      JS7 should use dompurify version 3.2.6 which solves the issue.
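
      One way to confirm the upgrade described above, as an added example that is not code from JS7 or from this issue: it scans an npm lockfile's `packages` map for every resolved copy of dompurify, including copies nested under jsPDF, and reports any below 3.2.6. That the build uses an npm lockfile is an assumption, and the sample lockfile, its package paths and the function names are constructed for illustration.

```javascript
// Added example: audit an npm lockfile (lockfileVersion 2/3 "packages" map)
// for resolved copies of dompurify older than the fixed release.
const FIXED = "3.2.6"; // fixed version named in this issue

// Parse "x.y.z" into numbers; a pre-release/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when `version` is older than `minimum` (numeric, not string, compare).
function isBelow(version, minimum) {
  const a = parseVersion(version), b = parseVersion(minimum);
  if (!a || !b) return true; // unparseable version: flag for manual review
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

function findOutdated(lock, name = "dompurify", minimum = FIXED) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/jspdf/node_modules/dompurify"; a nested
    // copy is a separate install and has to be checked on its own.
    if (path.split("node_modules/").pop() !== name) continue;
    if (isBelow(meta.version, minimum)) {
      findings.push({ path, version: meta.version, optional: !!meta.optional });
    }
  }
  return findings;
}

// Constructed sample lockfile: the top-level copy is fixed, but jsPDF still
// carries its own nested, outdated copy as an optional dependency.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-app" },
    "node_modules/jspdf": { version: "0.0.0-constructed" },
    "node_modules/dompurify": { version: "3.2.6", optional: true },
    "node_modules/jspdf/node_modules/dompurify": { version: "3.2.4", optional: true },
    "node_modules/@types/dompurify": { version: "0.0.0-constructed", dev: true },
  },
};

console.log(findOutdated(sampleLock));
```

      For a real build, pass the parsed contents of the project's own lockfile to `findOutdated` and treat a non-empty result as a failed check.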


          People

            ZtRahul193 Rahul Patidar
            sp Santiago Aucejo Petzoldt
            Ajay Kumbhkar Ajay Kumbhkar