  1. Data Management
  2. DM-16930

git-lfs-s3-server github security warnings

    Details

    • Story Points:
      7.75
    • Team:
      SQuaRE

      Description

      Email from github:

      Known security vulnerabilities detected

      • Dependency: rack
        Version: >= 2.0.4 < 2.0.6
        Upgrade to: ~> 2.0.6
        Vulnerabilities:
          CVE-2018-16470 Moderate severity
          CVE-2018-16471 Moderate severity
        Defined in: Gemfile.lock

      • Dependency: sinatra
        Version: >= 2.0.0 < 2.0.2
        Upgrade to: ~> 2.0.2
        Vulnerabilities:
          CVE-2018-11627 High severity
        Defined in: Gemfile.lock

      • Dependency: ffi
        Version: < 1.9.24
        Upgrade to: ~> 1.9.24
        Vulnerabilities:
          CVE-2018-1000201 Moderate severity
        Defined in: Gemfile.lock
      

      The sinatra sec alert is an XSS that probably needs to be addressed.

            People

            • Assignee:
              jhoblitt Joshua Hoblitt
            • Reporter:
              jhoblitt Joshua Hoblitt
            • Watchers:
              Frossie Economou, Joshua Hoblitt