Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check logs Innovation sprint 17 week 1 #5095

Closed
cnlucas opened this issue Apr 6, 2022 · 1 comment
Closed

Check logs Innovation sprint 17 week 1 #5095

cnlucas opened this issue Apr 6, 2022 · 1 comment
Assignees
@cnlucas
Labels
Security: general General security concern or issue
Milestone
PI 17 innovation

Comments

@cnlucas
Copy link
Member

cnlucas commented Apr 6, 2022
edited
Loading

Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

Ref: Check logs Sprint 17.6 week 2
@cnlucas cnlucas added the Security: general General security concern or issue label Apr 6, 2022
@cnlucas cnlucas changed the title Check logs Innovation spring 17 week 1 Check logs Innovation sprint 17 week 1 Apr 6, 2022
@cnlucas cnlucas mentioned this issue Apr 6, 2022
Closed
1 task
@cnlucas cnlucas added this to the PI 17 innovation milestone Apr 11, 2022
@cnlucas cnlucas self-assigned this Apr 12, 2022
@cnlucas
Copy link
Member Author

cnlucas commented Apr 13, 2022
edited
Loading

FEC-CMS:
package.json: None

requirements.txt: 2 High, 2 Medium, 2 Low
[Snyk:High]: django SQL Injection will solve in fecgov/fec-cms#5161
[Snyk:High]: django SQL Injection will solve in fecgov/fec-cms#5161

[Snyk:Medium]: django Denial of Service (DoS) will solve in fecgov/fec-cms#5161
[Snyk:Medium]: [gitpython Regular Expression Denial of Service (ReDoS)] will solve in fecgov/fec-cms#5081

[Snyk:Low]: [django Directory Traversal]will solve in fecgov/fec-cms#5161
[Snyk:Low]: [django Information Exposure]will solve in fecgov/fec-cms#5161

OPEN-FEC:
package.json: 1 High, 1 Low
[SNYK: High]: [async- Prototype Pollution] -no remediation path yet
[SNYK: Low]: [minimist- Prototype Pollution] #5098

requirements.txt: 2 Medium
[Snyk: Medium]: [Celery Stored Command Injection] (#5017)
[Snyk: Medium]: [gitpython Regular Expression Denial of Service (ReDoS)] (#5065)

flyway: 0

FEC-EREGS:
package.json: 0
requirements.txt: 2 High
[Snyk:High]: django SQL Injection will solve in fecgov/fec-eregs#681
[Snyk:High]: django SQL Injection will solve in fecgov/fec-eregs#681

FEC-PATTERN-LIBRARY:
package.json: 1 High
[Snyk: High]: [moment Directory Traversal] (fecgov/fec-pattern-library#188)

Search logs:
No new users

Cloud.gov Dashboard:
9 deployer accounts--no change

Off-boarding:
None for this week

@cnlucas cnlucas closed this as completed Apr 14, 2022
@cnlucas cnlucas mentioned this issue Apr 20, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cnlucas cnlucas

Labels
Security: general General security concern or issue
Projects
None yet
Milestone
PI 17 innovation
Development

No branches or pull requests
1 participant
@cnlucas