
Backend Vulnerabilities fixed #3627

Merged (1 commit, Jan 9, 2025)

Conversation

@dpanshug (Contributor) commented Jan 9, 2025

RHOAIENG-17793

Description

  • CVE-2024-21538 odh-dashboard-container: regular expression denial of service [main]

How Has This Been Tested?

Run npm audit in the backend folder and check that the cross-spawn package vulnerability no longer exists.

Test Impact

None

Request review criteria:

Self checklist (all need to be checked):

  • The developer has manually tested the changes and verified that the changes work
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has added tests or explained why testing cannot be added (unit or cypress tests for related changes)

If you have UI changes:

  • Included any necessary screenshots or gifs if it was a UI change.
  • Included tags to the UX team if it was a UI/UX change.

After the PR is posted & before it merges:

  • The developer has tested their solution on a cluster by using the image produced by the PR to main

* CVE-2024-21538 odh-dashboard-container: regular expression denial of service [main]

codecov bot commented Jan 9, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 84.98%. Comparing base (ed014b8) to head (2649f6b).
Report is 8 commits behind head on main.


@@            Coverage Diff             @@
##             main    #3627      +/-   ##
==========================================
- Coverage   85.00%   84.98%   -0.02%     
==========================================
  Files        1404     1404              
  Lines       32244    32244              
  Branches     9042     9042              
==========================================
- Hits        27408    27402       -6     
- Misses       4836     4842       +6     

see 5 files with indirect coverage changes


@manaswinidas (Contributor) left a comment

/lgtm

Running npm audit in the backend folder reduced vulnerabilities from 4 to 3 (before vs. after), I don't see the high severity vulnerability Regular Expression Denial of Service (ReDoS) in cross-spawn, and the Dashboard loads fine.

[screenshot attached]

@Gkrumbach07 (Member) commented:

/approve

openshift-ci bot commented Jan 9, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Gkrumbach07, manaswinidas


Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci bot added the approved label Jan 9, 2025
openshift-merge-bot merged commit c4dfc57 into opendatahub-io:main Jan 9, 2025
6 checks passed