Issues
- Back-port Angular evaluation prevention in non-Angular fields to foundation-2020NMS-16052Resolved issue: NMS-16052Benjamin Reed
- Prevent Angular evaluation of strings enclosed by two curly braces in non-Angular form-fields and outputNMS-15504Resolved issue: NMS-15504fooker
- [Web] - Session Fixation/Misconfigured Session Cookie ImplementationNMS-13984
- Cross site scripting - ReflectedNMS-13835Resolved issue: NMS-13835Gerald Humphries
- Support -> System Report exposes credentials in plain textNMS-13831Resolved issue: NMS-13831Gerald Humphries
- Reflected XSS in webapp notice wizardNMS-13496Resolved issue: NMS-13496Jeff Gehlbach
- Reflected XSS reported 2021-03-31 (update summary after disclosure)NMS-13229Resolved issue: NMS-13229Christian Pape
- XSS in notification wizardNMS-13123Resolved issue: NMS-13123Christian Pape
- opennms user credentials wrongly exposedNMS-12146Resolved issue: NMS-12146Gerald Humphries
- Multiple XSS vulnerabilities in OpenNMS webappNMS-9457Resolved issue: NMS-9457Seth Leger
- Prototype Pollution in handlebarsCOMPASS-286
- XSS via JQLite DOM manipulation functions in AngularJSCOMPASS-285
- Prototype Pollution in lodash.mergeCOMPASS-284
- Prototype Pollution in lodash.mergeCOMPASS-283
- Denial of Service in node-sassCOMPASS-282
- Denial of Service in handlebarsCOMPASS-281
- Arbitrary Code Execution in handlebarsCOMPASS-280
- Prototype Pollution in handlebarsCOMPASS-279
- Arbitrary Code Execution in handlebarsCOMPASS-278
- Regular Expression Denial of Service in npm-user-validateCOMPASS-277
- ReDOS vulnerabities: multiple grammarsCOMPASS-276
- Improper Privilege Management in shelljsCOMPASS-275
- Memory Exposure in tunnel-agentCOMPASS-274
- Memory Exposure in concat-streamCOMPASS-273
- Code Injection in js-yamlCOMPASS-272
- Denial of Service in js-yamlCOMPASS-271
- Command Injection in openCOMPASS-268
27 of 27
Back-port Angular evaluation prevention in non-Angular fields to foundation-2020
Fixed
Description
Acceptance / Success Criteria
None
Details
Assignee
Benjamin ReedBenjamin ReedReporter
Jeff GehlbachJeff GehlbachHB Grooming Date
Aug 07, 2023HB Backlog Status
Refined BacklogSprint
NoneAffects versions
Priority
Trivial
Details
Details
Assignee
Benjamin Reed
Benjamin Reed
Reporter
Jeff Gehlbach
Jeff Gehlbach
HB Grooming Date
Aug 07, 2023
HB Backlog Status
Refined Backlog
Sprint
None
Affects versions
Priority
TrivialPagerDuty
PagerDuty
PagerDuty
Created August 7, 2023 at 7:53 PM
Updated August 16, 2023 at 6:30 PM
Resolved August 16, 2023 at 6:30 PM
Activity
Show:
After this fix has had a month to soak in Horizon 32 and Meridian 2023, we should back-port it as far back as possible.