search

yurikrupnik / mussia8

Mussia8 base project monorepo poc for api gateway
alfred-lake.vercel.app
MIT License
0 stars 0 forks source link

Update dependency swagger-ui-dist to 4.1.3 [SECURITY] - abandoned #265

Open renovate[bot] opened 2 years ago

renovate[bot] commented 2 years ago

Mend Renovate

This PR contains the following updates:

Package Change
swagger-ui-dist 3.50.0 -> 4.1.3
swagger-ui-dist 3.49.0 -> 4.1.3
swagger-ui-dist 3.52.0 -> 4.1.3
swagger-ui-dist 3.51.1 -> 4.1.3

GitHub Vulnerability Alerts

CVE-2021-46708

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

Configuration

πŸ“… Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

β™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about these updates again.

This PR has been generated by Mend Renovate. View repository job log here.

vercel[bot] commented 2 years ago

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployments, click below or on the icon next to each commit.

alfred – ./packages/ui/clients/alfred

πŸ” Inspect: https://vercel.com/yurikrupnik/alfred/BH97kmkWmPv9R7riYba8gxR2PjtK
βœ… Preview: https://alfred-git-renovate-npm-swagger-ui-dist-vuln-dc9053-yurikrupnik.vercel.app

batman – ./packages/ui/clients/batman

πŸ” Inspect: https://vercel.com/yurikrupnik/batman/7cxogPD7M93KDkhnDX8cMVUtxEbx
βœ… Preview: https://batman-git-renovate-npm-swagger-ui-dist-vuln-5b3ebc-yurikrupnik.vercel.app

secure-code-warrior-for-github[bot] commented 2 years ago

Micro-Learning Topic: Code injection (Detected by phrase)

Matched on "code injection"

What is this? (2min video)

Code injection happens when an application insecurely accepts input that is subsequently used in a dynamic code evaluation call. If insufficient validation or sanitisation is performed on the input, specially crafted inputs may be able to alter the syntax of the evaluated code and thus alter execution. In a worst case scenario, an attacker could run arbitrary code in the server context and thus perform almost any action on the application server.

Try this challenge in Secure Code Warrior

Micro-Learning Topic: Reflected cross-site scripting (Detected by phrase)

Matched on "Reflected XSS"

What is this? (2min video)

Reflected cross-site scripting vulnerabilities occur when unescaped input is displayed in the resulting page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.

Try this challenge in Secure Code Warrior

Micro-Learning Topic: Cross-site scripting (Detected by phrase)

Matched on "XSS"

What is this? (2min video)

Reflected cross-site scripting vulnerabilities occur when unescaped input is displayed in the resulting page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.

Try this challenge in Secure Code Warrior

renovate[bot] commented 1 year ago

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.