-
Notifications
You must be signed in to change notification settings - Fork 894
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2022-0122 (Medium) detected in node-forge-0.10.0.tgz #1112
Labels
cve
Security vulnerabilities detected by Dependabot or Mend
medium severity
Medium severity CVE
Mend: dependency security vulnerability
Security vulnerability detected by Mend
v2.0.0
Comments
mend-for-github-com
bot
added
the
Mend: dependency security vulnerability
Security vulnerability detected by Mend
label
Jan 7, 2022
tmarkley
added
cve
Security vulnerabilities detected by Dependabot or Mend
medium severity
Medium severity CVE
labels
Jan 7, 2022
AMoo-Miki
pushed a commit
to AMoo-Miki/OpenSearch-Dashboards
that referenced
this issue
Feb 10, 2022
AMoo-Miki
pushed a commit
to AMoo-Miki/OpenSearch-Dashboards
that referenced
this issue
Feb 10, 2022
# [28.1.0](elastic/elastic-charts@v28.0.1...v28.1.0) (2021-04-13) ### Bug Fixes * **legend:** sizing for short labels with scrollbar ([opensearch-project#1115](elastic/elastic-charts#1115)) ([ebf2552](elastic/elastic-charts@ebf2552)) * **xy:** negative bar highlight and click ([opensearch-project#1109](elastic/elastic-charts#1109)) ([065673c](elastic/elastic-charts@065673c)), closes [opensearch-project#1100](elastic/elastic-charts#1100) ### Features * **a11y:** improve chart figure ([opensearch-project#1104](elastic/elastic-charts#1104)) ([373ea72](elastic/elastic-charts@373ea72)) * **partition:** order slices and sectors ([opensearch-project#1112](elastic/elastic-charts#1112)) ([72c0d1b](elastic/elastic-charts@72c0d1b)) * **partitions:** small multipies events pass on smAccessorValue ([opensearch-project#1106](elastic/elastic-charts#1106)) ([0e1f7de](elastic/elastic-charts@0e1f7de)) * **xy:** optionally rounds the domain to nice values ([opensearch-project#1087](elastic/elastic-charts#1087)) ([9c2eefc](elastic/elastic-charts@9c2eefc)) * **xy:** specify pixel and ratio width for bars ([opensearch-project#1114](elastic/elastic-charts#1114)) ([6294d5f](elastic/elastic-charts@6294d5f)) * mosaic ([opensearch-project#1113](elastic/elastic-charts#1113)) ([15c0d78](elastic/elastic-charts@15c0d78))
|
|
tmarkley
pushed a commit
to tmarkley/OpenSearch-Dashboards
that referenced
this issue
Feb 11, 2022
* [CHANGELOG](https://github.com/digitalbazaar/forge/blob/v1.2.1/CHANGELOG.md) * The major version bump introduces breaking changes, but none of them apply to Dashboards. * Upgrades `@elastic/request-crypto` from `1.1.4` to `2.0.0` which has a downstream dependency on `node-forge`. * `@elastic/request-crypto` uses `node-jose@2.0.0` which still depends on `node-forge@0.10.0` so we need a manual resolution for `node-jose@2.1.0`. Resolves opensearch-project#1112 Signed-off-by: Tommy Markley <markleyt@amazon.com>
7 tasks
tmarkley
pushed a commit
that referenced
this issue
Feb 22, 2022
* [CHANGELOG](https://github.com/digitalbazaar/forge/blob/v1.2.1/CHANGELOG.md) * The major version bump introduces breaking changes, but none of them apply to Dashboards. * Upgrades `@elastic/request-crypto` from `1.1.4` to `2.0.0` which has a downstream dependency on `node-forge`. * `@elastic/request-crypto` uses `node-jose@2.0.0` which still depends on `node-forge@0.10.0` so we need a manual resolution for `node-jose@2.1.0`. Resolves #1112 Resolves #1134 Signed-off-by: Tommy Markley <markleyt@amazon.com>
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
cve
Security vulnerabilities detected by Dependabot or Mend
medium severity
Medium severity CVE
Mend: dependency security vulnerability
Security vulnerability detected by Mend
v2.0.0
CVE-2022-0122 - Medium Severity Vulnerability
Vulnerable Library - node-forge-0.10.0.tgz
JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.
Library home page: https://registry.npmjs.org/node-forge/-/node-forge-0.10.0.tgz
Dependency Hierarchy:
Found in HEAD commit: 3d9f5425b6bb5dae38277bc68c45cb86ae608642
Found in base branch: main
Vulnerability Details
forge is vulnerable to URL Redirection to Untrusted Site
Publish Date: 2022-01-06
URL: CVE-2022-0122
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-gf8q-jrpm-jvxq
Release Date: 2022-01-06
Fix Resolution: 1.2.1
The text was updated successfully, but these errors were encountered: