Page MenuHomePhabricator
Create Task
Maniphest T176974

Mime vulnerability blocking merges to MCS
Closed, ResolvedPublic
Actions

Description

21:37:25 (+) 1 vulnerabilities found
21:37:25 ┌───────────────┬─────────────────────────────────────────────────────────────────┐
21:37:25 │ │ Regular Expression Denial of Service │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ Name │ mime │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ CVSS │ 7.5 (High) │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ Installed │ 1.3.4 │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ Vulnerable │ < 1.4.1 || > 2.0.0 < 2.0.3 │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ Patched │ >= 1.4.1 < 2.0.0 || >= 2.0.3 │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ Path │ service-mobileapp-node@0.3.0 > express@4.15.5 > send@0.15.6 > … │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ More Info │ https://nodesecurity.io/advisories/535
21:37:25 └───────────────┴─────────────────────────────────────────────────────────────────┘
21:37:25

Details

SubjectRepoBranchLines +/-
Update express to 4.16.0mediawiki/services/mobileappsmaster+1 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

Jdlrobson created this task.Sep 28 2017, 2:39 PM
Restricted Application added a project: Product-Infrastructure-Team-Backlog-Deprecated. · View Herald TranscriptSep 28 2017, 2:39 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Jdlrobson added a parent task: T175286: Do side by side comparison of old summary endpoint against new summary endpoint.Sep 28 2017, 3:23 PM
Jdlrobson moved this task from Inbox to Next up on the User-Jdlrobson board.
Mholloway subscribed.Sep 28 2017, 3:26 PM

Express release with a fix planned for today, see https://github.com/expressjs/express/issues/3431 and https://github.com/expressjs/express/pull/3423

gerritbot subscribed.Sep 28 2017, 6:32 PM

Change 381280 had a related patch set uploaded (by Mholloway; owner: Mholloway):
[mediawiki/services/mobileapps@master] Update express to 4.16.0

https://gerrit.wikimedia.org/r/381280

gerritbot added a project: Patch-For-Review.Sep 28 2017, 6:32 PM
gerritbot added a comment.Sep 28 2017, 6:44 PM

Change 381280 merged by jenkins-bot:
[mediawiki/services/mobileapps@master] Update express to 4.16.0

https://gerrit.wikimedia.org/r/381280

Mholloway closed this task as Resolved.Sep 28 2017, 7:02 PM
Mholloway claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL