Denial of Service in mem #3225

Open
Tracked by #137
jason-upchurch opened this issue Oct 2, 2019 · 3 comments

Comments

@jason-upchurch
Contributor

Summary

Medium severity vulnerability found in mem
Description: Denial of Service (DoS)
Info: https://snyk.io/vuln/npm:mem:20180117
Introduced through: [email protected]
From: [email protected] > [email protected] > [email protected] > [email protected]

Remediation:
Upgrade direct dependency [email protected] to [email protected] (triggers upgrades to [email protected])

@jason-upchurch jason-upchurch added the Security: moderate Remediate within 60 days label Oct 2, 2019
@jason-upchurch jason-upchurch added this to the Sprint 10.6 milestone Oct 2, 2019
@rfultz
Contributor

rfultz commented Nov 14, 2019

😆
DISCLOSED 17 Jan 2018
PUBLISHED 29 Aug 2018

@rfultz
Contributor

rfultz commented Nov 14, 2019

Looking into it, I think it's fine to decrease the priority of this for us. It might be important to address just so it's not outstanding, but we're only using mem for webpack, which builds our code and then that code is tested and deployed to the server. Being that "mem is an optimization used to speed up consecutive function calls by caching the result of calls with identical input", it's only being used when we `npm run build` or `npm run build-production` to generate our front-end assets.
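
The exposure argument in the comment above (mem is only pulled in by the webpack build) can be checked against the lockfile rather than taken on trust. The following is an added example, not code from this repository or from any participant in the thread; the lockfile contents, the placeholder versions and the function names `findInstalls` and `triage` are assumptions.

```javascript
// Added example (not project code): locate every installed copy of a package in
// a package-lock.json and report whether it is flagged as dev-only.

function findInstalls(lock, name) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat "packages" map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
        hits.push({ path, version: meta.version, devOnly: meta.dev === true });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = [...trail, dep];
      if (dep === name) {
        hits.push({ path: here.join(' > '), version: meta.version, devOnly: meta.dev === true });
      }
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// 'dev-only' only if every installed copy carries the lockfile's dev flag.
function triage(lock, name) {
  const installs = findInstalls(lock, name);
  if (installs.length === 0) return { status: 'absent', installs };
  const status = installs.every((i) => i.devOnly) ? 'dev-only' : 'production';
  return { status, installs };
}

// Constructed lockfiles; package versions are placeholders, not the real ones.
const devLock = {
  lockfileVersion: 1,
  dependencies: {
    webpack: { version: '0.0.0', dev: true,
      dependencies: { mem: { version: '0.0.0', dev: true } } },
  },
};
const prodLock = {
  lockfileVersion: 3,
  packages: { 'node_modules/mem': { version: '0.0.0' } },
};
console.log(triage(devLock, 'mem'), triage(prodLock, 'mem'));
```

A `dev-only` result means the package is absent from installs that omit dev dependencies; it still runs on whatever machine executes the build.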

@JonellaCulmer JonellaCulmer changed the title [Snyk: Med] Denial of Service in mem (Due 12/1/2019) [Snyk: Low] Denial of Service in mem (Due 12/31/2019) Nov 19, 2019
@JonellaCulmer JonellaCulmer added Security: low Remediate within 90 days and removed High priority Security: moderate Remediate within 60 days labels Nov 19, 2019
@JonellaCulmer JonellaCulmer removed High priority Security: low Remediate within 90 days labels Dec 2, 2019
@JonellaCulmer JonellaCulmer removed this from the PI 10 innovation milestone Dec 2, 2019
@JonellaCulmer JonellaCulmer changed the title [Snyk: Low] Denial of Service in mem (Due 12/31/2019) [Snyk: Low] Denial of Service in mem Dec 2, 2019
@JonellaCulmer JonellaCulmer changed the title [Snyk: Low] Denial of Service in mem Denial of Service in mem Dec 2, 2019
@rfultz
Contributor

rfultz commented Dec 2, 2019

We're moving this to blocked by the Webpack 4 upgrade because it's such a low priority for us and because we're waiting for other orgs to prioritize and address this issue.

Projects
Status: ⛔ Blocked
Development

No branches or pull requests

4 participants