
Fix security alert for lander (April 10, 2019)

    Details

    • Type: Story
    • Status: Done
    • Resolution: Done
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      One Jinja2 vulnerability was found in setup.py on Apr 10.

      Remediation

      Upgrade Jinja2 to version 2.10.1 or later. For example, in setup.py:
      install_requires=['Jinja2>=2.10.1'],
      or, for an optional extra (setuptools spells the keyword extras_require and takes a dict keyed by extra name; '<extra-name>' is a placeholder):
      extras_require={'<extra-name>': ['Jinja2>=2.10.1']},
      Always verify the validity and compatibility of suggestions with your codebase.


      Details

      CVE-2019-10906

      high severity
      Vulnerable versions: < 2.10.1
      Patched version: 2.10.1
      In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.


          Activity

          Jonathan Sick (jsick) added a comment:

          In the course of doing this work I also had to address a breakage in the npm depends. Ultimately this resulted in updating all npm deps and migrating the build pipeline to Gulp 4.

          Jonathan Sick (jsick) added a comment:

          Released as lander version 0.1.16.


            People

            • Assignee: Jonathan Sick (jsick)
            • Reporter: Jonathan Sick (jsick)
            • Watchers: Jonathan Sick
