Closed by cnlucas 2 years ago
FEC-CMS:
  package.json: None
  requirements.txt:
    [SNYK: Medium]: [pyjwt - Use of a Broken or Risky Cryptographic Algorithm] https://github.com/fecgov/fec-cms/issues/5247
OPEN-FEC:
  package.json: 1 High
    [SNYK: High]: [dicer Denial of Service (DoS)] https://github.com/fecgov/openFEC/issues/5146 -- No remediation path available
  requirements.txt: 1
    [Snyk: Medium]: [Regular Expression Denial of Service (ReDoS)] https://github.com/fecgov/openFEC/issues/5124
  flyway: 2 High, 6 Medium
    [SNYK: High]: com.google.oauth-client:google-oauth-client Improper Verification of Cryptographic Signature #5168
    [SNYK: High]: com.fasterxml.jackson.core:jackson-databind Denial of Service (DoS) #5168
    [SNYK: Medium]: org.postgresql:postgresql Arbitrary Code Injection #5168
    [SNYK: Medium]: io.netty:netty-codec-http HTTP Request Smuggling #5168
    [SNYK: Medium]: com.fasterxml.jackson.core:jackson-databind Denial of Service (DoS) #5168
    [SNYK: Medium]: io.netty:netty-common Information Exposure #5168
    [SNYK: Medium]: org.bouncycastle:bcprov-jdk15on Cryptographic Issues. NO REMEDIATION PATH LISTED, check if still a vulnerability after flyway commandline is updated to 8.5.11
    [SNYK: Medium]: io.netty:netty-handler Improper Certificate Validation. NO REMEDIATION PATH LISTED, check if still a vulnerability after flyway commandline is updated to 8.5.11
FEC-EREGS:
  package.json: 0
  requirements.txt: 0
FEC-PATTERN-LIBRARY:
  package.json: 0
Search logs: No new users
Cloud.gov Dashboard: 8 accounts (26 total users)
Off-boarding: None for this week
Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)
Ref: Check logs Sprint 18.3 week 1