[JOC-2213] Update elliptic version 6.6.1 due to 3rd-party vulnerability CVE-2025-14505 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Dismissed (View Workflow)
Priority: Medium
Resolution: Won't Fix
Affects Version/s: 2.5.10, 2.7.1
Fix Version/s: 2.5.13, 2.7.8
Component/s: JOC Cockpit GUI
Labels:
None

CVE-ID:
CVE-2025-14505

Description

Impact
Indirect dependency via jwk-to-pem. Used only for JWT verification. Vulnerable code path (ECDSA signing) is not used. No upstream fix available.

Maintainer Note
The issue is dismissed as no update version of the elliptic package is available.

Attachments

Activity

People

Assignee:: Neeraj Patidar

Reporter:: Andreas Püschel

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 17 April 2026 16:29

Updated:: 17 April 2026 17:29

Resolved:: 17 April 2026 16:32