US26 As a service provider, I want a report on what known vulnerabilities exist in the libraries or modules currently used in the implementation, because we need to prepare for the future
Story (change the file name according to the story name)
| US26 | As a service provider, I want a report on what known vulnerabilities exist in the libraries or modules currently used in the implementation, because we need to prepare for the future |
- Priority: P3
Linked Requirements & Use Cases?
Definition of done
- Implemented
- Tested
- Documented
- Pair reviewed
- ?
Acceptance Criteria
-
Check if... -
Check also... -
Check if... -
Check if... test case Link to test case definition -
Check if...
FRONTEND
install webpack-dev-server high npm install --save-dev react-scripts@4.0.0 Missing Origin Validation https://npmjs.com/advisories/725 react-scripts>webpack-dev-server Y
install js-yaml high npm install --save-dev react-scripts@4.0.0 Code Injection https://npmjs.com/advisories/813 react-scripts>css-loader>cssnano>postcss-svgo>svgo>js-yaml Y
update js-yaml high npm update js-yaml --depth 6 Code Injection https://npmjs.com/advisories/813 react-scripts>jest>jest-cli>istanbul-api>js-yaml N
update js-yaml high npm update js-yaml --depth 6 Code Injection https://npmjs.com/advisories/813 react-scripts>postcss-loader>postcss-load-config>cosmiconfig>js-yaml N
update js-yaml high npm update js-yaml --depth 6 Code Injection https://npmjs.com/advisories/813 react-scripts>postcss-loader>postcss-load-config>postcss-load-options>cosmiconfig>js-yaml N
update js-yaml high npm update js-yaml --depth 6 Code Injection https://npmjs.com/advisories/813 react-scripts>postcss-loader>postcss-load-config>postcss-load-plugins>cosmiconfig>js-yaml N
install js-yaml moderate npm install --save-dev react-scripts@4.0.0 Denial of Service https://npmjs.com/advisories/788 react-scripts>css-loader>cssnano>postcss-svgo>svgo>js-yaml Y
install marked moderate npm install marked@1.2.5 Regular Expression Denial of Service https://npmjs.com/advisories/812 marked Y
update js-yaml moderate npm update js-yaml --depth 6 Denial of Service https://npmjs.com/advisories/788 react-scripts>jest>jest-cli>istanbul-api>js-yaml N
update js-yaml moderate npm update js-yaml --depth 6 Denial of Service https://npmjs.com/advisories/788 react-scripts>postcss-loader>postcss-load-config>cosmiconfig>js-yaml N
update js-yaml moderate npm update js-yaml --depth 6 Denial of Service https://npmjs.com/advisories/788 react-scripts>postcss-loader>postcss-load-config>postcss-load-options>cosmiconfig>js-yaml N
update js-yaml moderate npm update js-yaml --depth 6 Denial of Service https://npmjs.com/advisories/788 react-scripts>postcss-loader>postcss-load-config>postcss-load-plugins>cosmiconfig>js-yaml N
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>babel-jest>babel-plugin-istanbul>test-exclude>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-runtime>babel-jest>babel-plugin-istanbul>test-exclude>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-runtime>babel-plugin-istanbul>test-exclude>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-config>jest-environment-jsdom>jest-util>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-runtime>jest-config>jest-environment-jsdom>jest-util>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-environment-jsdom>jest-util>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-config>jest-environment-node>jest-util>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-runtime>jest-config>jest-environment-node>jest-util>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-config>jest-jasmine2>jest-snapshot>jest-util>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-runtime>jest-config>jest-jasmine2>jest-snapshot>jest-util>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-jasmine2>jest-snapshot>jest-util>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-snapshot>jest-util>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-runtime>jest-util>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-util>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-config>jest-jasmine2>jest-matchers>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-runtime>jest-config>jest-jasmine2>jest-matchers>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-jasmine2>jest-matchers>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-config>jest-jasmine2>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-runtime>jest-config>jest-jasmine2>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-jasmine2>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-message-util>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-haste-map>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-runtime>jest-haste-map>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-haste-map>sane>anymatch>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-runtime>jest-haste-map>sane>anymatch>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>jest-runtime>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>jest>jest-cli>micromatch>braces Y
install braces low npm install --save-dev react-scripts@4.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>webpack-dev-server>http-proxy-middleware>micromatch>braces Y
install mem low npm install --save-dev react-scripts@4.0.0 Denial of Service https://npmjs.com/advisories/1084 react-scripts>webpack>yargs>os-locale>mem Y
install yargs-parser low npm install --save-dev react-scripts@4.0.0 Prototype Pollution https://npmjs.com/advisories/1500 react-scripts>webpack>yargs>yargs-parser Y
install yargs-parser low npm install --save-dev react-scripts@4.0.0 Prototype Pollution https://npmjs.com/advisories/1500 react-scripts>webpack-dev-server>yargs>yargs-parser Y
review braces low >=2.3.1 Regular Expression Denial of Service https://npmjs.com/advisories/786 react-scripts>webpack-dev-server>chokidar>anymatch>micromatch>braces
BACKEND
install handlebars critical npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/755 newman>handlebars Y
install negotiator high npm install express@4.17.1 Regular Expression Denial of Service https://npmjs.com/advisories/106 express>accepts>negotiator N
install fresh high npm install express@4.17.1 Regular Expression Denial of Service https://npmjs.com/advisories/526 express>fresh N
install fresh high npm install express@4.17.1 Regular Expression Denial of Service https://npmjs.com/advisories/526 express>send>fresh N
install fresh high npm install express@4.17.1 Regular Expression Denial of Service https://npmjs.com/advisories/526 express>serve-static>send>fresh N
install qs high npm install express@4.17.1 Prototype Pollution Protection Bypass https://npmjs.com/advisories/1469 express>qs N
install qs high npm install body-parser@1.19.0 Prototype Pollution Protection Bypass https://npmjs.com/advisories/1469 body-parser>qs N
install base64-url high npm install express-session@1.17.1 Out-of-bounds Read https://npmjs.com/advisories/660 express-session>uid-safe>base64-url N
install method-override high npm install method-override@3.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/538 method-override Y
install mongodb high npm install mongoose@5.10.15 Denial of Service https://npmjs.com/advisories/1203 mongoose>mongodb Y
install lodash high npm install express-jwt@6.0.0 Prototype Pollution https://npmjs.com/advisories/782 express-jwt>lodash Y
install lodash high npm install express-jwt@6.0.0 Prototype Pollution https://npmjs.com/advisories/1065 express-jwt>lodash Y
install lodash high npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/782 newman>lodash Y
install lodash high npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/782 newman>postman-collection>lodash Y
install lodash high npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/782 newman>postman-runtime>postman-collection>lodash Y
install lodash high npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/782 newman>postman-collection-transformer>lodash Y
install lodash high npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/782 newman>postman-runtime>lodash Y
install lodash high npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/782 newman>postman-runtime>postman-sandbox>lodash Y
install lodash high npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/782 newman>postman-runtime>postman-sandbox>uvm>lodash Y
install lodash high npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1065 newman>lodash Y
install lodash high npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1065 newman>postman-collection>lodash Y
install lodash high npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1065 newman>postman-runtime>postman-collection>lodash Y
install lodash high npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1065 newman>postman-collection-transformer>lodash Y
install lodash high npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1065 newman>postman-runtime>lodash Y
install lodash high npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1065 newman>postman-runtime>postman-sandbox>lodash Y
install lodash high npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1065 newman>postman-runtime>postman-sandbox>uvm>lodash Y
install handlebars high npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1164 newman>handlebars Y
install csv-parse high npm install --save-dev newman@5.2.1 Regular Expression Denial of Service https://npmjs.com/advisories/1171 newman>csv-parse Y
install handlebars high npm install --save-dev newman@5.2.1 Arbitrary Code Execution https://npmjs.com/advisories/1316 newman>handlebars Y
install handlebars high npm install --save-dev newman@5.2.1 Arbitrary Code Execution https://npmjs.com/advisories/1324 newman>handlebars Y
install handlebars high npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1325 newman>handlebars Y
update lodash high npm update lodash --depth 4 Prototype Pollution https://npmjs.com/advisories/782 newman>postman-runtime>async>lodash N
update lodash high npm update lodash --depth 4 Prototype Pollution https://npmjs.com/advisories/1065 newman>postman-runtime>async>lodash N
update dot-prop high npm update dot-prop --depth 4 Prototype Pollution https://npmjs.com/advisories/1213 nodemon>update-notifier>configstore>dot-prop N
review tough-cookie high >=2.3.3 Regular Expression Denial of Service https://npmjs.com/advisories/525 request>tough-cookie
review cryptiles high >=4.1.2 Insufficient Entropy https://npmjs.com/advisories/1464 request>hawk>cryptiles
review cryptiles high >=4.1.2 Insufficient Entropy https://npmjs.com/advisories/1464 newman>postman-request>hawk>cryptiles
review cryptiles high >=4.1.2 Insufficient Entropy https://npmjs.com/advisories/1464 newman>postman-runtime>postman-request>hawk>cryptiles
review cryptiles high >=4.1.2 Insufficient Entropy https://npmjs.com/advisories/1464 newman>postman-runtime>hawk>cryptiles
review bl high >=1.2.3 <2.0.0 || >=2.2.1 < 3.0.0 || >=3.0.1 <4.0.0 || >=4.0.3 Remote Memory Exposure https://npmjs.com/advisories/1555 request>bl
install mime moderate npm install express@4.17.1 Regular Expression Denial of Service https://npmjs.com/advisories/535 express>send>mime N
install mime moderate npm install express@4.17.1 Regular Expression Denial of Service https://npmjs.com/advisories/535 express>serve-static>send>mime N
install mpath moderate npm install mongoose@5.10.15 Prototype Pollution https://npmjs.com/advisories/779 mongoose>mpath Y
install morgan moderate npm install morgan@1.10.0 Code Injection https://npmjs.com/advisories/736 morgan N
install slug moderate npm install slug@4.0.2 Regular Expression Denial of Service https://npmjs.com/advisories/537 slug Y
install marked moderate npm install --save-dev newman@5.2.1 Regular Expression Denial of Service https://npmjs.com/advisories/812 newman>postman-collection>marked Y
install marked moderate npm install --save-dev newman@5.2.1 Regular Expression Denial of Service https://npmjs.com/advisories/812 newman>postman-runtime>postman-collection>marked Y
install handlebars moderate npm install --save-dev newman@5.2.1 Denial of Service https://npmjs.com/advisories/1300 newman>handlebars Y
review tough-cookie moderate >=2.3.0 ReDoS via long string of semicolons https://npmjs.com/advisories/130 request>tough-cookie
review hoek moderate > 4.2.0 < 5.0.0 || >= 5.0.3 Prototype Pollution https://npmjs.com/advisories/566 jsonwebtoken>joi>hoek
review hoek moderate > 4.2.0 < 5.0.0 || >= 5.0.3 Prototype Pollution https://npmjs.com/advisories/566 jsonwebtoken>joi>topo>hoek
review hoek moderate > 4.2.0 < 5.0.0 || >= 5.0.3 Prototype Pollution https://npmjs.com/advisories/566 request>hawk>boom>hoek
review hoek moderate > 4.2.0 < 5.0.0 || >= 5.0.3 Prototype Pollution https://npmjs.com/advisories/566 request>hawk>cryptiles>boom>hoek
review hoek moderate > 4.2.0 < 5.0.0 || >= 5.0.3 Prototype Pollution https://npmjs.com/advisories/566 request>hawk>hoek
review hoek moderate > 4.2.0 < 5.0.0 || >= 5.0.3 Prototype Pollution https://npmjs.com/advisories/566 request>hawk>sntp>hoek
review tunnel-agent moderate >=0.6.0 Memory Exposure https://npmjs.com/advisories/598 request>tunnel-agent
install debug low npm install express@4.17.1 Regular Expression Denial of Service https://npmjs.com/advisories/534 express>debug N
install debug low npm install express@4.17.1 Regular Expression Denial of Service https://npmjs.com/advisories/534 express>finalhandler>debug N
install debug low npm install express@4.17.1 Regular Expression Denial of Service https://npmjs.com/advisories/534 express>send>debug N
install debug low npm install express@4.17.1 Regular Expression Denial of Service https://npmjs.com/advisories/534 express>serve-static>send>debug N
install debug low npm install body-parser@1.19.0 Regular Expression Denial of Service https://npmjs.com/advisories/534 body-parser>debug N
install debug low npm install express-session@1.17.1 Regular Expression Denial of Service https://npmjs.com/advisories/534 express-session>debug N
install debug low npm install method-override@3.0.0 Regular Expression Denial of Service https://npmjs.com/advisories/534 method-override>debug Y
install debug low npm install mongoose@5.10.15 Regular Expression Denial of Service https://npmjs.com/advisories/534 mongoose>mquery>debug Y
install debug low npm install morgan@1.10.0 Regular Expression Denial of Service https://npmjs.com/advisories/534 morgan>debug N
install lodash low npm install express-jwt@6.0.0 Prototype Pollution https://npmjs.com/advisories/577 express-jwt>lodash Y
install lodash low npm install express-jwt@6.0.0 Prototype Pollution https://npmjs.com/advisories/1523 express-jwt>lodash Y
install marked low npm install --save-dev newman@5.2.1 Regular Expression Denial of Service https://npmjs.com/advisories/1076 newman>postman-collection>marked Y
install marked low npm install --save-dev newman@5.2.1 Regular Expression Denial of Service https://npmjs.com/advisories/1076 newman>postman-runtime>postman-collection>marked Y
install minimist low npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1179 newman>handlebars>optimist>minimist Y
install minimist low npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1179 newman>mkdirp>minimist Y
install lodash low npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1523 newman>lodash Y
install lodash low npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1523 newman>postman-collection>lodash Y
install lodash low npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1523 newman>postman-runtime>postman-collection>lodash Y
install lodash low npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1523 newman>postman-collection-transformer>lodash Y
install lodash low npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1523 newman>postman-runtime>lodash Y
install lodash low npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1523 newman>postman-runtime>postman-sandbox>lodash Y
install lodash low npm install --save-dev newman@5.2.1 Prototype Pollution https://npmjs.com/advisories/1523 newman>postman-runtime>postman-sandbox>uvm>lodash Y
update debug low npm update debug --depth 8 Regular Expression Denial of Service https://npmjs.com/advisories/534 nodemon>chokidar>anymatch>micromatch>braces>snapdragon>debug N
update debug low npm update debug --depth 8 Regular Expression Denial of Service https://npmjs.com/advisories/534 nodemon>chokidar>readdirp>micromatch>braces>snapdragon>debug N
update debug low npm update debug --depth 8 Regular Expression Denial of Service https://npmjs.com/advisories/534 nodemon>chokidar>braces>snapdragon>debug N
update debug low npm update debug --depth 8 Regular Expression Denial of Service https://npmjs.com/advisories/534 nodemon>chokidar>anymatch>micromatch>extglob>expand-brackets>snapdragon>debug N
update debug low npm update debug --depth 8 Regular Expression Denial of Service https://npmjs.com/advisories/534 nodemon>chokidar>readdirp>micromatch>extglob>expand-brackets>snapdragon>debug N
update debug low npm update debug --depth 8 Regular Expression Denial of Service https://npmjs.com/advisories/534 nodemon>chokidar>anymatch>micromatch>extglob>snapdragon>debug N
update debug low npm update debug --depth 8 Regular Expression Denial of Service https://npmjs.com/advisories/534 nodemon>chokidar>readdirp>micromatch>extglob>snapdragon>debug N
update debug low npm update debug --depth 8 Regular Expression Denial of Service https://npmjs.com/advisories/534 nodemon>chokidar>anymatch>micromatch>nanomatch>snapdragon>debug N
update debug low npm update debug --depth 8 Regular Expression Denial of Service https://npmjs.com/advisories/534 nodemon>chokidar>readdirp>micromatch>nanomatch>snapdragon>debug N
update debug low npm update debug --depth 8 Regular Expression Denial of Service https://npmjs.com/advisories/534 nodemon>chokidar>anymatch>micromatch>snapdragon>debug N
update debug low npm update debug --depth 8 Regular Expression Denial of Service https://npmjs.com/advisories/534 nodemon>chokidar>readdirp>micromatch>snapdragon>debug N
update debug low npm update debug --depth 8 Regular Expression Denial of Service https://npmjs.com/advisories/534 nodemon>undefsafe>debug N
update lodash low npm update lodash --depth 4 Prototype Pollution https://npmjs.com/advisories/1523 mongoose>async>lodash N
update lodash low npm update lodash --depth 4 Prototype Pollution https://npmjs.com/advisories/1523 request>form-data>async>lodash N
update lodash low npm update lodash --depth 4 Prototype Pollution https://npmjs.com/advisories/1523 newman>async>lodash N
update lodash low npm update lodash --depth 4 Prototype Pollution https://npmjs.com/advisories/1523 newman>postman-runtime>async>lodash N