fecgov / openFEC

The first RESTful API for the Federal Election Commission. We're aiming to make campaign finance more accessible for journalists, academics, developers, and other transparency seekers.
https://api.open.fec.gov/developers

Check logs Sprint 25.5 Week 2 #5890

Closed cnlucas closed 2 months ago

cnlucas commented 2 months ago

Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

Ref: https://github.com/fecgov/openFEC/issues/5889

fec-jli commented 2 months ago

Note: The following issues were logged based on the Snyk CLI in addition to the Snyk dashboard.

FEC-CMS: 3
- package.json: 0
- requirements.txt: 7
  - [Snyk Medium - requests@2.31.0 Always-Incorrect Control Flow Implementation] - (https://github.com/fecgov/fec-cms/issues/6285)
  - [Snyk Medium - zipp Infinite loop] - (https://github.com/fecgov/fec-cms/issues/6367)
  - [Snyk Medium - urllib3@1.26.18 Improper Removal of Sensitive Information Before Storage or Transfer] - (https://github.com/fecgov/fec-cms/issues/6343)
  - [Snyk Medium - fix 4 issues: django Denial of Service (DoS, Directory Traversal, Timing Attack)] - (https://github.com/fecgov/fec-cms/issues/6376)

OpenFEC: 6
- package.json: 0
  - [Snyk Medium - async] - (https://github.com/fecgov/openFEC/issues/5891)
- requirements.txt: 6
  - [Snyk Low - Flask-cors Log Injection LOCUST] - (https://github.com/fecgov/openFEC/issues/5807)
  - [Snyk Medium - requests Always-Incorrect Control Flow Implementation] - (https://github.com/fecgov/openFEC/issues/5845)
  - [Snyk Medium - urllib3@1.26.18 Improper Removal of Sensitive Information Before Storage or Transfer] - (https://github.com/fecgov/openFEC/issues/5877)
  - [Snyk Medium - Insufficient Verification of Data Authenticity] - (https://github.com/fecgov/openFEC/issues/5845)
  - [Snyk Medium - Infinite loop] - (https://github.com/fecgov/openFEC/issues/5898)
  - [Snyk High - setuptools Improper Control of Generation of Code ('Code Injection')] - (https://github.com/fecgov/openFEC/issues/5907)

Pattern-Library: 0

Search logs: No "User changes" found in the past week. Deployer accounts from cloud.gov dashboard: 10
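The comment above tallies Snyk findings per manifest by hand and pairs each one with a tracking issue. The script below is an added example of doing that triage from the CLI's JSON output; it is not openFEC code, and the report shape it parses (a JSON array with one object per manifest, each with `displayTargetFile` and a `vulnerabilities` list carrying `id`, `packageName`, `version`, `severity`, `title` and `from`) is my assumption of what `snyk test --json --all-projects` emits, so check it against your own output. The sample report, the Snyk ids, the versions and the id-to-issue map are all constructed for the example. It collapses the per-dependency-path duplicates Snyk lists for one vulnerability (one reason a raw CLI count can exceed the dashboard's) and flags findings that have no tracking issue yet.

```python
"""Triage a Snyk CLI JSON report: count distinct findings per manifest and
report which ones still lack a tracking issue. Added example, not openFEC code."""
import json
from collections import Counter, defaultdict

SEVERITY_ORDER = ("critical", "high", "medium", "low")

# Constructed sample report in the assumed `snyk test --json --all-projects`
# shape. Package names and titles echo the comment above; the Snyk ids,
# versions and dependency paths are made up.
SAMPLE_REPORT = json.dumps([
    {
        "displayTargetFile": "requirements.txt",
        "vulnerabilities": [
            {"id": "SNYK-PY-SAMPLE-1", "packageName": "requests", "version": "2.31.0",
             "severity": "medium", "title": "Always-Incorrect Control Flow Implementation",
             "from": ["openfec@0.0.0", "requests@2.31.0"]},
            # Same vulnerability reached via a second path: Snyk lists it again,
            # so a naive count would report it twice.
            {"id": "SNYK-PY-SAMPLE-1", "packageName": "requests", "version": "2.31.0",
             "severity": "medium", "title": "Always-Incorrect Control Flow Implementation",
             "from": ["openfec@0.0.0", "some-client@1.0.0", "requests@2.31.0"]},
            {"id": "SNYK-PY-SAMPLE-2", "packageName": "urllib3", "version": "1.26.18",
             "severity": "medium",
             "title": "Improper Removal of Sensitive Information Before Storage or Transfer",
             "from": ["openfec@0.0.0", "requests@2.31.0", "urllib3@1.26.18"]},
            {"id": "SNYK-PY-SAMPLE-3", "packageName": "setuptools", "version": "0.0-sample",
             "severity": "high",
             "title": "Improper Control of Generation of Code ('Code Injection')",
             "from": ["openfec@0.0.0", "setuptools@0.0-sample"]},
            {"id": "SNYK-PY-SAMPLE-4", "packageName": "Flask-Cors", "version": "0.0-sample",
             "severity": "low", "title": "Log Injection",
             "from": ["openfec@0.0.0", "Flask-Cors@0.0-sample"]},
        ],
    },
    {
        "displayTargetFile": "package.json",
        "vulnerabilities": [
            {"id": "SNYK-JS-SAMPLE-5", "packageName": "async", "version": "0.0-sample",
             "severity": "medium", "title": "Sample finding",
             "from": ["openfec@0.0.0", "async@0.0-sample"]},
        ],
    },
])

# Constructed map from Snyk id to the issue filed for it (issue URLs are the
# ones cited in the comment above). The async finding is deliberately left
# out so the untracked check has something to report.
TRACKED = {
    "SNYK-PY-SAMPLE-1": "https://github.com/fecgov/openFEC/issues/5845",
    "SNYK-PY-SAMPLE-2": "https://github.com/fecgov/openFEC/issues/5877",
    "SNYK-PY-SAMPLE-3": "https://github.com/fecgov/openFEC/issues/5907",
    "SNYK-PY-SAMPLE-4": "https://github.com/fecgov/openFEC/issues/5807",
}


def parse_report(text):
    """One normalized finding per distinct (manifest, id, package, version).

    Snyk repeats a vulnerability once per dependency path; the checklist wants
    one issue per vulnerability, so path duplicates are collapsed here.
    """
    data = json.loads(text)
    if isinstance(data, dict):  # single-project output is a bare object
        data = [data]
    seen, findings = set(), []
    for project in data:
        manifest = project.get("displayTargetFile") or project.get("targetFile") or "?"
        for v in project.get("vulnerabilities", []):
            key = (manifest, v["id"], v["packageName"], v["version"])
            if key in seen:
                continue
            seen.add(key)
            sev = str(v.get("severity", "")).lower()
            if sev not in SEVERITY_ORDER:
                raise ValueError(f"unexpected severity {sev!r} on {v['id']}")
            findings.append({"manifest": manifest, "id": v["id"], "package": v["packageName"],
                             "version": v["version"], "severity": sev, "title": v.get("title", "")})
    return findings


def summarize(findings):
    """Distinct-finding counts per manifest, broken down by severity."""
    counts = defaultdict(Counter)
    for f in findings:
        counts[f["manifest"]][f["severity"]] += 1
    return counts


def untracked(findings, tracked):
    """Findings with no tracking issue: what still has to be filed."""
    return [f for f in findings if f["id"] not in tracked]


def format_summary(findings, tracked):
    """Render the per-manifest tallies in the style of the review comment."""
    lines = []
    for manifest, counter in sorted(summarize(findings).items()):
        breakdown = ", ".join(f"{s} {counter[s]}" for s in SEVERITY_ORDER if counter[s])
        lines.append(f"{manifest}: {sum(counter.values())} ({breakdown})")
        for f in (x for x in findings if x["manifest"] == manifest):
            issue = tracked.get(f["id"], "NO TRACKING ISSUE")
            lines.append(f"  [Snyk {f['severity'].capitalize()} - {f['package']}@{f['version']} "
                         f"{f['title']}] - {issue}")
    return "\n".join(lines)


if __name__ == "__main__":
    fs = parse_report(SAMPLE_REPORT)
    print(format_summary(fs, TRACKED))
    print(f"{len(untracked(fs, TRACKED))} finding(s) still need an issue")
```

Running it against real output (`snyk test --json --all-projects > report.json`, then feeding the file contents to `parse_report`) gives the per-manifest numbers and the "NO TRACKING ISSUE" lines to act on; keep `TRACKED` keyed on Snyk ids rather than package names, since one package can carry several distinct findings at once, as the requests entries above show.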

fec-jli commented 2 months ago

This is done. closed