CVE-2020-15366 (Medium) detected in ajv-4.11.8.tgz #1154
Labels: cve (Security vulnerabilities detected by Dependabot or Mend); medium severity (Medium severity CVE); Mend: dependency security vulnerability (Security vulnerability detected by Mend); v2.0.0
Comments
mend-for-github-com bot added the Mend: dependency security vulnerability label on Jan 14, 2022
tmarkley added the cve and medium severity labels on Jan 14, 2022
AMoo-Miki pushed a commit to AMoo-Miki/OpenSearch-Dashboards that referenced this issue on Feb 9, 2022
AMoo-Miki pushed a commit to AMoo-Miki/OpenSearch-Dashboards that referenced this issue on Feb 10, 2022
AMoo-Miki pushed a commit to AMoo-Miki/OpenSearch-Dashboards that referenced this issue on Feb 10, 2022
# [30.2.0](elastic/elastic-charts@v30.1.0...v30.2.0) (2021-06-10) ### Features * **a11y:** add data table for screen readers (sunburst, treemap, icicle, flame) ([opensearch-project#1155](elastic/elastic-charts#1155)) ([a1a68fe](elastic/elastic-charts@a1a68fe)), closes [opensearch-project#1154](elastic/elastic-charts#1154)
Closed
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this issue on Feb 28, 2022
* Introduces standard scss rules from stylelint with only a few modifications.
* `yarn lint` now runs `yarn lint:style` instead of `yarn lint:sass`.
* Many of the files were updated with `yarn lint:style --fix`, but some of them had to be manually updated to adhere to the newly-introduced rules from the stylelint configuration. A major culprit was the `no-descending-specificity` rule.
* Some of the automated fixes that changed function names (e.g. EUI functions like `lightOrDarkTheme`) had to be overridden because EUI doesn't adhere to all of the rules. We can address this after we fold in and replace `node-sass` with Dart Sass.
Resolves opensearch-project#551
Resolves opensearch-project#1139
Resolves opensearch-project#1151
Resolves opensearch-project#1152
Resolves opensearch-project#1154
Signed-off-by: Tommy Markley <markleyt@amazon.com>
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this issue on Feb 28, 2022
* Introduces standard scss rules from stylelint with only a few modifications.
* `yarn lint` now runs `yarn lint:style` instead of `yarn lint:sass`.
* Many of the files were updated with `yarn lint:style --fix`, but some of them had to be manually updated to adhere to the newly-introduced rules from the stylelint configuration. A major culprit was the `no-descending-specificity` rule.
* Some of the automated fixes that changed function names (e.g. EUI functions like `lightOrDarkTheme`) had to be overridden because EUI doesn't adhere to all of the rules. We can address this after we fold in and replace `node-sass` with Dart Sass.
* Includes a couple fixes such as fixing the class selector for `osdnSuggestionItem--value .osdSuggestionItem__text`.
Resolves opensearch-project#551
Resolves opensearch-project#1139
Resolves opensearch-project#1151
Resolves opensearch-project#1152
Resolves opensearch-project#1154
Signed-off-by: Tommy Markley <markleyt@amazon.com>
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this issue on Mar 1, 2022
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this issue on Mar 2, 2022
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this issue on Mar 2, 2022
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this issue on Mar 4, 2022
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this issue on Mar 4, 2022
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this issue on Mar 16, 2022
* Introduces standard scss rules from stylelint with only a few modifications.
* `yarn lint` now runs `yarn lint:style` instead of `yarn lint:sass`.
* Many of the files were updated with `yarn lint:style --fix`, but some of them had to be manually updated with overrides to adhere to the newly-introduced rules from the stylelint configuration.
* Includes a couple fixes such as fixing the class selector for `osdnSuggestionItem--value .osdSuggestionItem__text`.
Resolves opensearch-project#551
Resolves opensearch-project#1139
Resolves opensearch-project#1151
Resolves opensearch-project#1152
Resolves opensearch-project#1154
Signed-off-by: Tommy Markley <markleyt@amazon.com>
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this issue on Mar 16, 2022
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this issue on Mar 17, 2022
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this issue on Mar 23, 2022
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this issue on Mar 25, 2022
ashwin-pc pushed a commit to ashwin-pc/OpenSearch-Dashboards that referenced this issue on Apr 1, 2022
ashwin-pc pushed a commit to ashwin-pc/OpenSearch-Dashboards that referenced this issue on Apr 1, 2022
ashwin-pc added a commit that referenced this issue on Apr 1, 2022
* Replaces `sass-lint` with `stylelint`
* Introduces standard scss rules from stylelint with only a few modifications.
* `yarn lint` now runs `yarn lint:style` instead of `yarn lint:sass`.
* Many of the files were updated with `yarn lint:style --fix`, but some of them had to be manually updated with overrides to adhere to the newly-introduced rules from the stylelint configuration.
* Includes a couple fixes such as fixing the class selector for `osdnSuggestionItem--value .osdSuggestionItem__text`.
Resolves #551
Resolves #1139
Resolves #1151
Resolves #1152
Resolves #1154
Signed-off-by: Tommy Markley <markleyt@amazon.com>
* fix(Style): Fixes flex style
Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
* fix(lint): Fixes empty comment lint issue
Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
* chore: rebase and updates yarn.lock
Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
Co-authored-by: Tommy Markley <markleyt@amazon.com>
ananzh added a commit to ananzh/OpenSearch-Dashboards that referenced this issue on Apr 3, 2023
Add a resolution to bump ajv from 4.11.8 to 6.12.6.
Issue Resolve opensearch-project#1154
Signed-off-by: Anan Zhuang <ananzh@amazon.com>
abbyhu2000 pushed a commit that referenced this issue on May 15, 2023
Add a resolution to bump ajv from 4.11.8 to 6.12.6.
Issue Resolve #1154
Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
opensearch-trigger-bot bot pushed a commit that referenced this issue on May 15, 2023
Add a resolution to bump ajv from 4.11.8 to 6.12.6.
Issue Resolve #1154
Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
(cherry picked from commit 7786641)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
# Conflicts:
# CHANGELOG.md
ananzh pushed a commit that referenced this issue on May 17, 2023
Add a resolution to bump ajv from 4.11.8 to 6.12.6.
Issue Resolve #1154
Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
(cherry picked from commit 7786641)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
# Conflicts:
# CHANGELOG.md
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
CVE-2020-15366 - Medium Severity Vulnerability
Vulnerable Library - ajv-4.11.8.tgz
Another JSON Schema Validator
Library home page: https://registry.npmjs.org/ajv/-/ajv-4.11.8.tgz
Dependency Hierarchy:
Found in HEAD commit: ddb2cc42e9e43fdc2358fe14019ab9679e775671
Found in base branch: main
Vulnerability Details
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)
Publish Date: 2020-07-15
URL: CVE-2020-15366
CVSS 3 Score Details (5.6)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
Release Date: 2020-07-15
Fix Resolution: ajv - 6.12.3