decode-uri-component vulnerable to Denial of Service (DoS) #17

New Issue

Closed

opened 2022-11-29 04:42:18 +00:00 by argoyle · 0 comments

argoyle commented 2022-11-29 04:42:18 +00:00 (Migrated from gitlab.com)

Copy Link

Copy Source

⚠️ dependabot-gitlab has detected security vulnerability for decode-uri-component in path: /, manifest_file: /package.json but was unable to update it! ⚠️

• https://github.com/advisories/GHSA-w573-4hg7-7wgq

Package	Severity	Affected versions	Patched versions	IDs
decode-uri-component (NPM)	LOW	<= 0.2.0		GHSA-w573-4hg7-7wgq,CVE-2022-38900

Description

decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-38900
• https://github.com/SamVerschueren/decode-uri-component/issues/5
• https://github.com/sindresorhus/query-string/issues/345
• https://github.com/advisories/GHSA-w573-4hg7-7wgq

⚠️ `dependabot-gitlab` has detected security vulnerability for `decode-uri-component` in path: `/`, manifest_file: `/package.json` but was unable to update it! ⚠️ * https://github.com/advisories/GHSA-w573-4hg7-7wgq | Package | Severity | Affected versions | Patched versions | IDs | |----------------------------|----------|-------------------|------------------|----------------------------------------| | decode-uri-component (NPM) | LOW | <= 0.2.0 | | `GHSA-w573-4hg7-7wgq`,`CVE-2022-38900` | # Description decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. # References * https://nvd.nist.gov/vuln/detail/CVE-2022-38900 * https://github.com/SamVerschueren/decode-uri-component/issues/5 * https://github.com/sindresorhus/query-string/issues/345 * https://github.com/advisories/GHSA-w573-4hg7-7wgq

argoyle (Migrated from gitlab.com) closed this issue 2022-12-05 12:58:24 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

renovate/vue-router-5.x

renovate-group-stylelint

fix/remove-digest-pinning

remove-gitlab-ci

remove-aws-iam-auth

remove-kubeconfig

kubeconfig-secret

ci-migration

No results found.

Labels

Clear labels

dependencies

Pull requests that update a dependency file

docker

javascript

security

Pull requests that address a security vulnerability

severity:critical

severity:high

severity:low

severity:moderate

No Label security severity:low

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

argoyle (Joakim Olsson) buildtools (Buildtools) kubernetes (Kubernetes) releaser (Unbound Releaser) renovate (Renovate Bot)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: dancefinder/dancefinder-app#17