Check logs Sprint 7.1 week 2 #3347

Closed
hcaofec opened this issue Aug 29, 2018 · 1 comment
hcaofec commented Aug 29, 2018

Log review needs to be completed for Sprint 7.1 (week 2) per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist).

@fecjjeng

FEC-CMS: 2
package.json - 0
requirements.txt - 1 Medium
[Med] Open Redirect (due 10/8) fecgov/fec-cms#2263

OPENFEC: 2
requirements.txt - 1 High, 1 Medium
[Med per Jay] Arbitrary Code Execution (due 9/10) - #3280
[High] Snyk: Improper Input Validation - #3344

FEC-EREGS: 0

FEC-PATTERN-LIB: 4
package.json - 2 medium, 2 Low
[MED] ua-parser-js module - Regular Expression Denial of Service (ReDoS) - fecgov/fec-pattern-library#116
[MED] chownr - Time of Check Time of Use (TOCTOU) - fecgov/fec-pattern-library#127
[LOW] Two low-risk modules: lodash and braces - fecgov/fec-pattern-library#117

Add/Update User Accounts: 0

Deployer Accounts/Service Keys:
9 service keys found on cloud.gov under fec-beta-fec org
