Check logs Sprint 17.5 week 2 (03/23/2022)

[hcaofec]

Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

Ref: Check logs Sprint 17.5 week 1

• Make new tickets for sprint 17.6 weeks1 & 2

[cnlucas]

FEC-CMS:
package.json: 0

requirements.txt: 3 Medium, 3 Low
[Snyk:Medium]: django Denial of Service (DoS) will solve in fecgov/fec-cms#5126
[Snyk:Medium]: [pillow Improper Input Validation] will solve in fecgov/fec-cms#5071
[Snyk:Medium]: [gitpython Regular Expression Denial of Service (ReDoS)] will solve in fecgov/fec-cms#5081
Newly Ignored: [Snyk:Medium]: [django Cross-site Scripting (XSS)] will solve in fecgov/fec-cms#5126 [Our CMS doesn't use currently use the {% debug %} template tag. We will be upgrading django to 3.2.12 in a follow-up ticket once we've upgraded https://github.com/fecgov/fec-cms/issues/4807]

[Snyk:Low]: [django Directory Traversal]will solve in fecgov/fec-cms#5030
now-fecgov/fec-cms#5126
[Snyk:Low]: [django Information Exposure]will solve in fecgov/fec-cms#5030
now-fecgov/fec-cms#5126
[Snyk:Low]: [wagtail Information Exposure] will solve in fecgov/fec-cms#5043

OPEN-FEC:
package.json: 1 Medium, 1 Low
[SNYK: Medium]: [@braintree/sanitize-url Cross-site Scripting (XSS)]. #5075
[SNYK: Low]: [minimist- Prototype Pollution] [no remediation path available] fecgov/fec-cms#5127

requirements.txt: 1 High, 2 Medium
[SNYK: High ] [ujson Out-of-Bounds Write] (#5058)
[Snyk: Medium]: [Celery Stored Command Injection] (#5017)
[Snyk: Medium]: [gitpython Regular Expression Denial of Service (ReDoS)] (#5065)

flyway: 0

FEC-EREGS:
package.json: 0
requirements.txt: 0

FEC-PATTERN-LIBRARY:
package.json: None

Search logs:
No new users

Cloud.gov Dashboard:
9 deployer accounts, same as last week.

Off-boarding:
None for this week