Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security issue serialize-javascript prior to 3.1.0 allows remote attackers #17858

Closed
lsrael-BGx opened this issue Jun 4, 2020 · 2 comments Β· Fixed by #17750
Closed

Security issue serialize-javascript prior to 3.1.0 allows remote attackers #17858

lsrael-BGx opened this issue Jun 4, 2020 · 2 comments Β· Fixed by #17750
Labels
area: @angular-devkit/build-angular devkit/build-angular:browser devkit/build-angular:dev-server freq3: high severity6: security type: bug/fix
Milestone
Backlog

Comments

@lsrael-BGx
Copy link

πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘

@angular-devkit/build-angular/0.901.7 Β» copy-webpack-plugin/5.1.1
Β» serialize-javascript/2.1.2

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".

πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘πŸ›‘
@ngbot ngbot bot modified the milestone: Backlog Jun 4, 2020
This was referenced Jun 5, 2020
Merged
Closed
Merged
Merged
Merged
@vikramdadwal
Copy link

We are facing this issue too, any ETA ?

filipesilva pushed a commit that referenced this issue Jun 8, 2020
@alan-agius4 @filipesilva
fix(@angular-devkit/build-angular): update copy-webpack-plugin to ver…
a8ecbc8 
…sion 6

Fixes #17858
filipesilva pushed a commit that referenced this issue Jun 9, 2020
@alan-agius4 @filipesilva
fix(@angular-devkit/build-angular): update copy-webpack-plugin to ver…
1a8de6f 
…sion 6

Fixes #17858
filipesilva pushed a commit that referenced this issue Jun 9, 2020
@alan-agius4 @filipesilva
fix(@angular-devkit/build-angular): update copy-webpack-plugin to ver…
057411d 
…sion 6

Fixes #17858
filipesilva pushed a commit that referenced this issue Jun 9, 2020
@alan-agius4 @filipesilva
fix(@angular-devkit/build-angular): update copy-webpack-plugin to ver…
01a0f1f 
…sion 6

Fixes #17858
This was referenced Jun 10, 2020
Closed
Merged
Closed
Closed
Closed
Closed
Closed
Closed
This was referenced Jun 15, 2020
Closed
Closed
Merged
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Merged
Merged
Closed
Merged
Closed
Closed
Closed
This was referenced Jun 15, 2020
Merged
Merged
Merged
This was referenced Jun 15, 2020
Merged
Closed
Closed
Merged
Closed
Closed
Closed
Closed
@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Jul 10, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area: @angular-devkit/build-angular devkit/build-angular:browser devkit/build-angular:dev-server freq3: high severity6: security type: bug/fix
Projects
None yet
Milestone
Backlog
Development

Successfully merging a pull request may close this issue.

fix(@angular-devkit/build-angular): update copy-webpack-plugin to version 6
3 participants
@vikramdadwal @alan-agius4 @lsrael-BGx