Check logs Innovation sprint 16 week1 (12/22/2021)

[pkfec]

Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

Ref: Check logs sprint 16.6 - week 2

[pkfec]

FEC-CMS:
package.json: None
requirements.txt: 2
[Snyk:High]: [ Cross-site Scripting ] (fecgov/fec-cms#4994)
[Snyk:Medium]: [Access Restriction Bypass] (fecgov/fec-cms#4993)

OPEN-FEC:
package.json: 1
[Snyk: Medium]: [User Interface Misrepresentation of Critical Information] (#5007)
requirements.txt: None
flyway: None

FEC-EREGS:
package.json: 1 Critical, 6 High, 13 Medium.

Note: 12/13 medium snyk vulnerabilities are flagged on node-sass package 1/13 medium snyk vulnerability is flagged on lodash.
[Snyk: High/Critical]: [lodash Command injection] (fecgov/fec-eregs#643)
[Snyk: High] [node-sass null pointer dereference] (fecgov/fec-eregs#644)
Note: node-sass is flagged as highly vulnerable on Out-of-bounds Read and Use After Free)
[Snyk: High]: [json-schema prototype pollution] (fecgov/fec-eregs#645)
[Snyk: High] [anti-regex Regular Expression Denial of Service (ReDoS)] (fecgov/fec-eregs#646)

requirements.txt: 1
[Snyk: Medium]: [Access Restriction Bypass] (fecgov/fec-eregs#638)

requirements-parsing.txt: 3 critical, 10 high, 8 medium

FEC-PATTERN-LIBRARY:
package.json: None

Search logs:
No log results for "User change"

Cloud.gov Dashboard:
9 deployer accounts, same as last week.

Off-boarding:
None for this week