- 🇳🇿New Zealand quietone
It was updated in #3265617: Update Nightwatch to 2.x →
Trivy reported a critical security alert on the pac-resolver library used in Drupal core. Could you please update the yarn dependencies in a future release?
var/www/html/web/core/yarn.lock (yarn)
======================================
Total: 1 (CRITICAL: 1)
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
| pac-resolver | CVE-2021-23406 | CRITICAL | 4.2.0 | 5.0.0 | nodejs-pac-resolver: remote |
| | | | | | code execution when used with |
| | | | | | untrusted input due to unsafe... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-23406 |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
Upgrade pac-resolver to version 5.0.0
Closed: outdated
11.0 🔥
other