Check logs Sprint 13.6 week 2 #4521

jason-upchurch · 2020-07-29T13:06:13Z

Check logs Sprint 13.6 week 2

Log review needs to be completed for sprint 13.6 week 2 per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

fecjjeng · 2020-10-07T18:08:30Z

FEC-CMS:

package.json: 4
High: Arbitrary Code Execution (fecgov/fec-cms#4026)
High: Regular Expression Denial of Service (ReDoS) fecgov/fec-cms#4065
Medium: Denial of Service (fecgov/fec-cms#4043)
Medium: Prototype Pollution (fecgov/fec-cms#4105)

requirement: 1
High: HTTP Header Injection (fecgov/fec-cms#4106)

OPEN-FEC:

package.json: 0

requirements.txt: 1
Medium: Denial of Service (DoS) (Due 10/25/2020) #4588

data/flyway/build.gradle: 0

FEC-EREGS:

package.json: 0
requirements.txt: 0

FEC-PATTERN-LIBRARY:

package.json: 0

Cloud.gov Dashboard:
9 deployer accounts, same as last week.

Offboarding:
Nothing to report

jason-upchurch added this to the Sprint 13.6 milestone Jul 29, 2020

jason-upchurch added the Security: general General security concern or issue label Jul 29, 2020

JonellaCulmer assigned fecjjeng Sep 29, 2020

fecjjeng closed this as completed Oct 7, 2020

Provide feedback