Comments (12)
@p3x-robot Looking forward to getting a solution from the xlts team. Your support is awesome. I really appreciate how seriously you take security.
from redis-ui.
Those vulnerabilities do not apply to redis-ui-material, as we are not using those vulnerabilities, only angular.copy, which I have replaced with lodash cloneDeep.
ref: https://xlts.dev/
GHSA-prc3-vjfx-vhm9: we do not support Internet Explorer (I think it does not even work with that); should it give a problem, I will reject it by the user agent
GHSA-2vrf-hf26-jrp5: in the next version we will not use angular.copy
GHSA-2qqx-w9hr-q5gx: we do not use the $resource function
GHSA-qwqh-hm9m-p5hr: we do not use the input[url]
you can check out: https://p3x.redis.patrikx3.com/ if you can crash it :)
contacted xlts.dev, they said:
Hi Patrik,
Thanks for reaching out!
From my understanding our support would fix these vulnerabilities that you listed. I've sent this off to our technical team to confirm and provide context.
I'll be in touch shortly with an answer for you.
Best,
@p3x-robot Thank you very much for your commitment.
I also stumbled upon the following CVEs:
CVE-2021-4231 --> I guess this is not relevant because it affects @angular/core, right?
CVE-2022-25844 --> This seems to be fixed in AngularJS 1.8.8 (https://xlts.dev/blog/2022-04-11-xlts-for-angularjs-1-8-8), but as far as I know you are still using 1.8.3, right?
GHSA-c75v-2vq8-878f - it is after Angular 2, so it is not relevant
For GHSA-m2h2-264f-f486, I talked to the xlts.dev team and, even though it is an open source app, it looks like they will help.
In the end, they can only help if you have money for it, but I think it is not using those functions that give a DoS error.
Sorry if I'm blind, but isn't the latest version of AngularJS 1.8.2? I couldn't find any newer version (for instance the 1.8.8 you mentioned). I'm trying to clear the vulnerability for an application as well; a brief clarification would help, thanks.
They did not provide the latest AngularJS version, because it is not free anymore.
Reference:
https://github.com/patrikx3/redis-ui?tab=readme-ov-file#angularjs-vulnerabilities