Page MenuHomePhabricator

Mime vulnerability blocking merges to MCS
Closed, ResolvedPublic

Description

21:37:25 (+) 1 vulnerabilities found
21:37:25 ┌───────────────┬─────────────────────────────────────────────────────────────────┐
21:37:25 │ │ Regular Expression Denial of Service │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ Name │ mime │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ CVSS │ 7.5 (High) │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ Installed │ 1.3.4 │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ Vulnerable │ < 1.4.1 || > 2.0.0 < 2.0.3 │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ Patched │ >= 1.4.1 < 2.0.0 || >= 2.0.3 │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ Path │ service-mobileapp-node@0.3.0 > express@4.15.5 > send@0.15.6 > … │
21:37:25 ├───────────────┼─────────────────────────────────────────────────────────────────┤
21:37:25 │ More Info │ https://nodesecurity.io/advisories/535
21:37:25 └───────────────┴─────────────────────────────────────────────────────────────────┘
21:37:25

Details

Related Gerrit Patches:
mediawiki/services/mobileapps : masterUpdate express to 4.16.0

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

Change 381280 had a related patch set uploaded (by Mholloway; owner: Mholloway):
[mediawiki/services/mobileapps@master] Update express to 4.16.0

https://gerrit.wikimedia.org/r/381280

Change 381280 merged by jenkins-bot:
[mediawiki/services/mobileapps@master] Update express to 4.16.0

https://gerrit.wikimedia.org/r/381280

Mholloway closed this task as Resolved.Sep 28 2017, 7:02 PM
Mholloway claimed this task.