- Issue created by @Anwoon
- Status changed to Needs review
over 1 year ago 3:48pm 12 September 2023
- Status changed to Needs work
12 months ago 7:21am 24 April 2024
- 🇮🇳 India rajeevgole
I tested the #3 patch. There are vulnerabilities (Critical, Medium) left in the below libraries after implementing the patch.
- @babel/traverse
- PostCSS
- node-tar
- 🇮🇳 India vipul tulse
Added patch to upgrade to the latest packages and build
- 🇮🇳 India vipul tulse
Updated patch to resolve @babel/traverse critical issues
- 🇮🇳 India vipul tulse
Latest patch to resolve the
------------------------------
json5 Prototype Pollution
VULNERABILITY
CWE-1321
CVE-2022-46175
CVSS 6.4 MEDIUM
SNYK-JS-JSON5-3182856
------------------------------
loader-utils Prototype Pollution
VULNERABILITY
CWE-1321
CVE-2022-37601
CVSS 7.5 HIGH
SNYK-JS-LOADERUTILS-3043105
------------------------------
loader-utils Regular Expression Denial of Service (ReDoS)
VULNERABILITY
CWE-1333
CVE-2022-37599
CVSS 5.3 MEDIUM
SNYK-JS-LOADERUTILS-3042992
------------------------------
loader-utils Regular Expression Denial of Service (ReDoS)
VULNERABILITY
CWE-1333
CVE-2022-37603
CVSS 5.3 MEDIUM
SNYK-JS-LOADERUTILS-3105943
------------------------------
- 🇮🇳 India vipul tulse
Please ignore the above patch, which has issues.
Updated packages and yarn run build
Tested after upgrade, build looks good.
Added below override dependencies.
"resolutions": {
  "raw-loader/loader-utils": "2.0.4",
  "raw-loader/json5": "2.2.2",
  "@ckeditor/ckeditor5-dev-utils/del/globby/glob": "10.3.16",
  "@ckeditor/ckeditor5-dev-utils/del/rimraf/glob": "10.3.16",
  "@ckeditor/ckeditor5-dev-utils/@ckeditor/ckeditor5-dev-translations/rimraf/glob": "10.3.16",
  "@ckeditor/ckeditor5-dev-utils/terser-webpack-plugin/serialize-javascript": "6.0.2",
  "@ckeditor/ckeditor5-dev-utils/shelljs/glob": "10.3.16",
  "@ckeditor/ckeditor5-dev-utils/terser-webpack-plugin/cacache/glob": "10.3.16"
}
- 🇮🇳 India dev16.addweb
silvi.addweb → made their first commit to this issue’s fork.
- Status changed to Needs review
9 months ago 12:26pm 23 July 2024
- 🇮🇳 India sachintyagi99
Latest version security fix patch and included fix for https://www.drupal.org/project/editor_advanced_link/issues/3400107 (Under certain conditions, the attributes of the last modified link are displayed by default when editing another link; Active)
Automatically closed - issue fixed for 2 weeks with no activity.
- Status changed to Fixed
5 days ago 7:03am 1 April 2025
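
Added example, not code from this issue or its patches: a check that the path-scoped `resolutions` pins quoted in the thread are present in a Yarn v1 lockfile, and that lists any other locked versions of the same package, since a pin such as `raw-loader/loader-utils` only covers that dependency path. The lockfile text is a constructed sample and the function names are hypothetical.

```javascript
// Added example: audit a Yarn v1 lockfile against package.json "resolutions".
// Pins copied from the thread; LOCK is a constructed sample lockfile.
const RESOLUTIONS = {
  "raw-loader/loader-utils": "2.0.4",
  "raw-loader/json5": "2.2.2",
};
const LOCK = `# yarn lockfile v1
json5@^1.0.1:
  version "2.2.2"
loader-utils@^1.1.0:
  version "2.0.4"
loader-utils@^2.0.0:
  version "2.0.0"
`;

// Last package in a resolution path ("a/b/@scope/c" -> "@scope/c").
function targetPackage(path) {
  const parts = path.split("/");
  const last = parts.pop(), prev = parts.pop();
  return prev && prev.startsWith("@") ? `${prev}/${last}` : last;
}

// Map each package name to the set of versions the lockfile resolves it to.
function lockedVersions(lockText) {
  const found = new Map();
  let names = [];
  for (const line of lockText.split("\n")) {
    const version = /^  version "(.+)"$/.exec(line);
    if (version) {
      for (const n of names) found.set(n, (found.get(n) || new Set()).add(version[1]));
    } else if (/^\S.*:$/.test(line) && !line.startsWith("#")) {
      // Entry header: comma-separated, optionally quoted "name@range" specifiers.
      names = line.slice(0, -1).split(",").map((spec) => {
        const s = spec.trim().replace(/^"|"$/g, "");
        return s.slice(0, s.lastIndexOf("@")); // keeps the leading @ of a scope
      });
    }
  }
  return found;
}

// For each pin: is the pinned version locked, and which other versions remain?
function auditResolutions(resolutions, lockText) {
  const locked = lockedVersions(lockText);
  return Object.entries(resolutions).map(([path, pin]) => {
    const versions = [...(locked.get(targetPackage(path)) || [])];
    return { path, pin, applied: versions.includes(pin), otherCopies: versions.filter((v) => v !== pin).sort() };
  });
}
console.log(auditResolutions(RESOLUTIONS, LOCK));
```

Any entry with a non-empty `otherCopies` deserves a second look with `yarn why <package>` to see which dependency path still pulls the unpinned version.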