🐛 [BUG] - Some problems on yarn.lock #71
Comments
ymw0407 added a commit that referenced this issue Sep 30, 2023
Signed-off-by: ymw0407 <[email protected]>
ymw0407 added a commit that referenced this issue Sep 30, 2023
Fix : Security Problem occurred by nth-check resolved at #71
ymw0407 added a commit that referenced this issue Oct 7, 2023
* Feat : add meta data #65
Signed-off-by: bentshrimp <[email protected]>
* Bump @adobe/css-tools from 4.2.0 to 4.3.1
Bumps [@adobe/css-tools](https://github.com/adobe/css-tools) from 4.2.0 to 4.3.1.
- [Changelog](https://github.com/adobe/css-tools/blob/main/History.md)
- [Commits](https://github.com/adobe/css-tools/commits)
---
updated-dependencies:
- dependency-name: "@adobe/css-tools"
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <[email protected]>
* Fix : Security Problem occurred by nth-check resolved at #71
Signed-off-by: ymw0407 <[email protected]>
* Update : rename title from "Open Set Go" to "Open-Set-Go" #65
Signed-off-by: bentshrimp <[email protected]>
* Update : manifest.json updated with proper icon images #65
Signed-off-by: bentshrimp <[email protected]>
* Remove : unnecessary file, favicon.svg removed #65
Signed-off-by: bentshrimp <[email protected]>
* Fix : icon size setting fixed #65
Signed-off-by: bentshrimp <[email protected]>
* Chore : remove .vscode
Signed-off-by: Yun Min Woo <[email protected]>
* Add : _redirects for netlify CD
Signed-off-by: Yun Min Woo <[email protected]>
* Fix : Improving cookie handling tech #78
- need to improve handling cookie at refreshing main page
* Fix : vulnerability alert resolved #77
- https://github.com/AgainIoT/Open-Set-Go_client/security/dependabot/3
Signed-off-by: bentshrimp <[email protected]>
* Fix : MainPage isLogin state works well #78
Signed-off-by: bentshrimp <[email protected]>
* Fix : changed unnecessary if-else into single return statement #78
Signed-off-by: bentshrimp <[email protected]>
* update staging branch (#81)
* Fix : Improving cookie handling tech #78
- need to improve handling cookie at refreshing main page
* Fix : vulnerability alert resolved #77
- https://github.com/AgainIoT/Open-Set-Go_client/security/dependabot/3
Signed-off-by: bentshrimp <[email protected]>
* Fix : MainPage isLogin state works well #78
Signed-off-by: bentshrimp <[email protected]>
* Fix : changed unnecessary if-else into single return statement #78
Signed-off-by: bentshrimp <[email protected]>
---------
Signed-off-by: bentshrimp <[email protected]>
Co-authored-by: ymw0407 <[email protected]>
* Fix : remove user info in local storage #83
- correct the icon src
- remove user info every time user revisit after automatic logout
Signed-off-by: bentshrimp <[email protected]>
* Add : add react script 'yarn start:win' & 'yarn start:linux' #85
* Feat : Security Policy Updated #87
Signed-off-by: Yun Min Woo <[email protected]>
* Fix : blog -> docs, docs domain changed #88
* Fix : Logo.svg changed to logo.svg(typo error)
Co-authored-by : bent_shrimp <[email protected]>
Signed-off-by: Yun Min Woo <[email protected]>
* Fix : render profile image when only login #83
Signed-off-by: bentshrimp <[email protected]>
* Chore : remove unnecessary import #83
Signed-off-by: bentshrimp <[email protected]>
* Revert "Unexpected bugs fixed"
* Fix : manage login state only in Header #83
Signed-off-by: bentshrimp <[email protected]>
* Chore : remove unused state variable #83
Signed-off-by: bentshrimp <[email protected]>
* Correct old docs url (#100)
Fix : old docs url corrected #98
Signed-off-by: bentshrimp <[email protected]>
Co-authored-by: Yun Min Woo <[email protected]>
---------
Signed-off-by: bentshrimp <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: ymw0407 <[email protected]>
Signed-off-by: Yun Min Woo <[email protected]>
Co-authored-by: bentshrimp <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: bent_shrimp <[email protected]>
Browsers
Firefox, Chrome, Safari, Microsoft Edge, Opera
OS
Windows, Linux, Mac
Description
There is a Regular Expression Denial of Service (ReDoS) vulnerability in nth-check that causes a denial of service when parsing crafted invalid CSS nth-checks.
The ReDoS vulnerabilities of the regex are mainly due to the sub-pattern \s*(?:([+-]?)\s*(\d+))? with quantified overlapping adjacency and can be exploited with the following code.
Reproduction URL
https://github.com/AgainIoT/Open-Set-Go_client/security/dependabot/1
Reproduction Steps
Solutions
No response
Screenshots
No response
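A check for the situation this issue reports, as an added example (not code from the Open-Set-Go project or from nth-check): it parses a yarn.lock in the v1 text format and lists every locked copy of a package that is older than a given version, together with the packages that pull it in. The sample lockfile, the parent package names and the version threshold are constructed placeholders; take the real patched version from the Dependabot alert.

```javascript
const nameOf = (spec) => spec.slice(0, spec.lastIndexOf("@")); // keeps "@scope/name" whole

function parseLock(text) {
  const entries = [];
  let cur = null, inDeps = false;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) { // entry header: one or more name@range specs
      const specs = line.replace(/:$/, "").split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      entries.push((cur = { specs, version: null, deps: {} }));
      inDeps = false;
    } else if (cur && /^ {2}\S/.test(line)) { // two-space field of the current entry
      const m = /^ {2}version "([^"]+)"$/.exec(line);
      if (m) cur.version = m[1];
      inDeps = /^ {2}(optionalDependencies|dependencies):$/.test(line);
    } else if (cur && inDeps) { // four-space line: name "range"
      const t = line.trim(), i = t.indexOf(" ");
      cur.deps[t.slice(0, i).replace(/"/g, "")] = t.slice(i + 1).replace(/"/g, "");
    }
  }
  return entries;
}

// Numeric major.minor.patch rank; pre-release tags are ignored.
const rank = (v) => [...v.split("."), 0, 0].slice(0, 3).reduce((r, n) => r * 1e6 + (parseInt(n, 10) || 0), 0);

function auditLock(text, pkg, minSafe) {
  const entries = parseLock(text);
  return entries
    .filter((e) => e.version && e.specs.some((s) => nameOf(s) === pkg) && rank(e.version) < rank(minSafe))
    .map((e) => ({
      version: e.version,
      // parents whose declared range is one of the specs this entry resolves
      requiredBy: entries.filter((p) => e.specs.includes(`${pkg}@${p.deps[pkg]}`)).map((p) => nameOf(p.specs[0])),
    }));
}

// Constructed sample: parent package names and every version number are made up.
const SAMPLE_LOCK = `# yarn lockfile v1
"@scope/tool@^1.0.0":
  version "1.2.0"
  dependencies:
    nth-check "~1.0.0"
legacy-parent@^3.0.0:
  version "3.1.0"
  dependencies:
    nth-check "^1.0.0"
nth-check@^1.0.0, nth-check@~1.0.0:
  version "1.0.0"
nth-check@^9.0.0:
  version "9.9.9"`;
const PLACEHOLDER_MIN_SAFE = "9.0.0"; // placeholder: use the patched version from the alert
console.log(JSON.stringify(auditLock(SAMPLE_LOCK, "nth-check", PLACEHOLDER_MIN_SAFE), null, 2));
```

Each `requiredBy` name is a parent to upgrade, or the range to pin with a `resolutions` entry in package.json, before the old copy leaves the lockfile.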