From 2e56a314d05b9f20761e96af565ef00227c611a7 Mon Sep 17 00:00:00 2001 From: Kathy Luo Date: Wed, 30 Mar 2022 12:53:44 +0200 Subject: [PATCH] Update known vulnerabilities (#2270) ### Description There is a new vulnerability alert for simple-plist https://github.com/advisories/GHSA-gff7-g5r8-mg8m however the issue is not yet resolved from the project. For now ignore the vulnerability to unblock the CI, but we should bump the resolved version of simple-plist once [issue #60](https://github.com/wollardj/simple-plist/issues/60) is resolved. ### Other changes N/A ### Tested N/A ### How others should test N/A ### Related issues N/A ### Backwards compatibility Yes --- yarn-audit-known-issues | 1 + 1 file changed, 1 insertion(+)
diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues
index e69de29bb2d..4eace0976aa 100644
--- a/yarn-audit-known-issues
+++ b/yarn-audit-known-issues
@@ -0,0 +1 @@
+{"type":"auditAdvisory","data":{"resolution":{"id":1067309,"path":"@celo/mobile>react-native>@react-native-community/cli-platform-ios>xcode>simple-plist","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"1.0.0","paths":["@celo/mobile>react-native>@react-native-community/cli-platform-ios>xcode>simple-plist"]}],"metadata":null,"vulnerable_versions":"<=1.3.0","module_name":"simple-plist","severity":"critical","github_advisory_id":"GHSA-gff7-g5r8-mg8m","cves":["CVE-2022-26260"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":9.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"updated":"2022-03-29T21:44:08.000Z","recommendation":"None","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1067309,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-26260\n- https://github.com/wollardj/simple-plist/issues/60\n- https://github.com/advisories/GHSA-gff7-g5r8-mg8m","created":"2022-03-23T00:00:22.000Z","reported_by":null,"title":"Prototype Pollution in simple-plist","npm_advisory_id":null,"overview":"simple-plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse().","url":"https://github.com/advisories/GHSA-gff7-g5r8-mg8m"}}}
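Review bot: The added entry suppresses a critical advisory (`"severity":"critical"`, CVSS 9.8, `GHSA-gff7-g5r8-mg8m`) with nothing in the repository that records when it must be revisited; the only reminder is the commit description. This file is JSON lines and cannot carry a comment, so the follow-up should live where the audit check is configured, for example a tracking issue linked there, so the ignore is removed once wollardj/simple-plist issue #60 is fixed. The entry has `"dev":false` although the path runs through `@react-native-community/cli-platform-ios>xcode`, which looks like build tooling. It is worth confirming whether simple-plist's `.parse()` ever receives plist input the project does not control, since that decides how long the suppression is acceptable. If the check compares whole advisory objects rather than `id` and `path`, volatile fields such as `"updated"` may make this line stop matching when the advisory is edited; the comparison script is not visible here.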