Closed pkfec closed 2 months ago
FEC-CMS: 7 package.json: 3 [Snyk Medium dompurify Template Injection] (https://github.com/fecgov/fec-cms/issues/6206) [node-fetch] (https://github.com/fecgov/fec-cms/issues/6307) [micromatch] (https://github.com/fecgov/fec-cms/issues/6308)
requirements.txt: 4 [Snyk Medium - django@4.2.10 Regular Expression Denial of Service (ReDoS)] (https://github.com/fecgov/fec-cms/issues/6268) [Snyk Medium - requests@requests@2.31.0 Always-Incorrect Control Flow Implementation] (https://github.com/fecgov/fec-cms/issues/6285) [Snyk Medium - jinja2@3.1.3 Cross-site Scripting (XSS)] (https://github.com/fecgov/fec-cms/issues/6250) [Snyk Medium - setuptools@65.5.0 Regular Expression Denial of Service (ReDoS)] (https://github.com/fecgov/fec-cms/issues/6269)
openFEC: 4 flyway: 0 package.json: 0 requirements.txt: 4 [Snyk Low] - Log Injection in flask-cors@3.0.10 [Snyk Medium] - requests Always-Incorrect Control Flow Implementation](https://github.com/fecgov/openFEC/issues/5845) [Snyk: Med Resource Exhaustion] (https://github.com/fecgov/openFEC/issues/5853) [Snyk: Med Cross-site Scripting] (https://github.com/fecgov/openFEC/issues/5854)
FEC-PATTERN-LIBRARY: 2 package.json: 2 [dompurify] (https://github.com/fecgov/fec-pattern-library/issues/223) [node-fetch] (https://github.com/fecgov/fec-pattern-library/issues/224)
Search logs: No "User changes" found in the past week. Deployer accounts from cloud.gov dashboard: 10
Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)
Ref: https://github.com/fecgov/openFEC/issues/5821