Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CVE] Resolve jpeg-js to 0.4.4 #1753

Merged
merged 1 commit into from
Jun 16, 2022

Conversation

kavilla
Copy link
Member

@kavilla kavilla commented Jun 16, 2022

Description

Addresses Denial of Service (DoS) issue where a particular piece of input
will cause to enter an infinite loop and never return.

CVE: https://vuln.whitesourcesoftware.com/vulnerability/CVE-2022-25851

Signed-off-by: Kawika Avilla [email protected]

Issues Resolved

#1725

Check List

  • New functionality includes testing.
    • All tests pass
      • yarn test:jest
      • yarn test:jest_integration
      • yarn test:ftr
  • New functionality has been documented.
  • Commits are signed per the DCO using --signoff

Addresses Denial of Service (DoS) issue where a particular piece of input
will cause to enter an infinite loop and never return.

CVE: https://vuln.whitesourcesoftware.com/vulnerability/CVE-2022-25851

Issue Resolved:
opensearch-project#1725

Signed-off-by: Kawika Avilla <[email protected]>
@kavilla kavilla requested a review from a team as a code owner June 16, 2022 06:41
@kavilla kavilla added high severity High severity CVE cve Security vulnerabilities detected by Dependabot or Mend backport 2.x v2.1.0 labels Jun 16, 2022
@kavilla
Copy link
Member Author

kavilla commented Jun 16, 2022

This could be backported to 2.0.

@kavilla kavilla linked an issue Jun 16, 2022 that may be closed by this pull request
Copy link
Member

@joshuarrrr joshuarrrr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tmarkley
Copy link
Contributor

This could be backported to 2.0.

Yeah I'm not sure if we'll be doing another patch release to 2.0 but it wouldn't hurt to get it there.

@kavilla
Copy link
Member Author

kavilla commented Jun 16, 2022

This could be backported to 2.0.

Yeah I'm not sure if we'll be doing another patch release to 2.0 but it wouldn't hurt to get it there.

Gotcha. I will add it if there is a bump in the patch version.

@kavilla kavilla merged commit 2a159e8 into opensearch-project:main Jun 16, 2022
@kavilla kavilla deleted the avillk/lock_jpeg_js branch June 16, 2022 19:37
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jun 16, 2022
Addresses Denial of Service (DoS) issue where a particular piece of input
will cause to enter an infinite loop and never return.

CVE: https://vuln.whitesourcesoftware.com/vulnerability/CVE-2022-25851

Issue Resolved:
#1725

Signed-off-by: Kawika Avilla <[email protected]>
(cherry picked from commit 2a159e8)
ananzh pushed a commit that referenced this pull request Jun 17, 2022
Addresses Denial of Service (DoS) issue where a particular piece of input
will cause to enter an infinite loop and never return.

CVE: https://vuln.whitesourcesoftware.com/vulnerability/CVE-2022-25851

Issue Resolved:
#1725

Signed-off-by: Kawika Avilla <[email protected]>
(cherry picked from commit 2a159e8)

Co-authored-by: Kawika Avilla <[email protected]>
cliu123 pushed a commit to cliu123/OpenSearch-Dashboards that referenced this pull request Jun 30, 2022
…h-project#1757)

Addresses Denial of Service (DoS) issue where a particular piece of input
will cause to enter an infinite loop and never return.

CVE: https://vuln.whitesourcesoftware.com/vulnerability/CVE-2022-25851

Issue Resolved:
opensearch-project#1725

Signed-off-by: Kawika Avilla <[email protected]>
(cherry picked from commit 2a159e8)

Co-authored-by: Kawika Avilla <[email protected]>
cliu123 pushed a commit to cliu123/OpenSearch-Dashboards that referenced this pull request Jun 30, 2022
…h-project#1757)

Addresses Denial of Service (DoS) issue where a particular piece of input
will cause to enter an infinite loop and never return.

CVE: https://vuln.whitesourcesoftware.com/vulnerability/CVE-2022-25851

Issue Resolved:
opensearch-project#1725

Signed-off-by: Kawika Avilla <[email protected]>
(cherry picked from commit 2a159e8)

Co-authored-by: Kawika Avilla <[email protected]>
ananzh added a commit to ananzh/OpenSearch-Dashboards that referenced this pull request Mar 30, 2023
ananzh added a commit to ananzh/OpenSearch-Dashboards that referenced this pull request Mar 30, 2023
ananzh added a commit to ananzh/OpenSearch-Dashboards that referenced this pull request Mar 30, 2023
joshuarrrr added a commit that referenced this pull request Apr 17, 2023
Issue Resolve
#1725

Backport PR
#1753

Signed-off-by: Anan Zhuang <[email protected]>
Co-authored-by: Josh Romero <[email protected]>
opensearch-trigger-bot bot pushed a commit that referenced this pull request Apr 17, 2023
Issue Resolve
#1725

Backport PR
#1753

Signed-off-by: Anan Zhuang <[email protected]>
Co-authored-by: Josh Romero <[email protected]>
(cherry picked from commit 637d545)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md
abbyhu2000 pushed a commit that referenced this pull request Apr 17, 2023
Issue Resolve
#1725

Backport PR
#1753

Signed-off-by: Anan Zhuang <[email protected]>
Co-authored-by: Josh Romero <[email protected]>
(cherry picked from commit 637d545)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport 2.x cve Security vulnerabilities detected by Dependabot or Mend high severity High severity CVE v2.1.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

CVE-2022-25851 (High) detected in jpeg-js-0.4.3.tgz
3 participants