Issues
- Denial of service in threeALEC-292
- Cross-site Scripting in karmaALEC-291
- Open redirect in karmaALEC-290
- Cross site scripting in AngularALEC-289
- word-wrap vulnerable to Regular Expression Denial of ServiceALEC-288
- Can't enable situation feedbackALEC-293
- TemporaryFolder on unix-like systems does not limit access to created filesALEC-287
- Information Disclosure in GuavaALEC-286
- Information Disclosure in GuavaALEC-285
- Path Traversal and Improper Input Validation in Apache Commons IOALEC-284
- Path Traversal and Improper Input Validation in Apache Commons IOALEC-283
- Deserialization of Untrusted Data in GsonALEC-282
- Denial of Service in Google GuavaALEC-281
- Improper Input Validation and Injection in Apache Log4j2ALEC-280
- decode-uri-component vulnerable to Denial of Service (DoS)ALEC-279
- Prototype Pollution in JSON5 via Parse MethodALEC-278
- antfu/utils vulnerable to prototype pollutionALEC-277
- Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)ALEC-276
- Guava vulnerable to insecure use of temporary directoryALEC-275
- Guava vulnerable to insecure use of temporary directoryALEC-274
- Guava vulnerable to insecure use of temporary directoryALEC-273
- semver vulnerable to Regular Expression Denial of ServiceALEC-272
- semver vulnerable to Regular Expression Denial of ServiceALEC-271
- Links in the UI are pointing to a page that doesn't exist on doc.opennms.comALEC-270
- handle new linkd protocol types in inventory correlationALEC-269
- DOC: remove reference to layout in docs index fileALEC-268Resolved issue: ALEC-268Bonnie Robinson
- Remove reference to apt-key in examplesALEC-267Resolved issue: ALEC-267Bonnie Robinson
- Release ALEC 3.0.0ALEC-266Resolved issue: ALEC-266Benjamin Janssens
- Description doesn't show when user creates a new situationALEC-265Resolved issue: ALEC-265Benjamin Janssens
- Situation ID not sent to datalake when user creates situationALEC-264Resolved issue: ALEC-264Benjamin Janssens
- ALEC docs: Update diagrams and provide editable filesALEC-263Emily Marsh
- UI text updates and feedbackALEC-262Anya Rybalova
- Move chapters into Reference sectionALEC-261Resolved issue: ALEC-261Emily Marsh
- Check if we can store situation can not be updatedALEC-260Resolved issue: ALEC-260Benjamin Janssens
- Make send situation to datalake asyncALEC-259Resolved issue: ALEC-259Benjamin Janssens
- DOC: Update model chapterALEC-258Resolved issue: ALEC-258Emily Marsh
- Feedback and ImprovmentsALEC-257Resolved issue: ALEC-257Anya Rybalova
- ALEC docs: Add tabs to installation sectionALEC-256
- Inconsistent terminology in the UIALEC-255Anya Rybalova
- Show configuration pageALEC-254Resolved issue: ALEC-254Anya Rybalova
- alarms with a 'bgp-peer' managed object type are not properly represented on the graphALEC-253Jesse White
- Fix getSituationStatusListALEC-252Resolved issue: ALEC-252Benjamin Janssens
- Add feedback and engine parameter to situationALEC-251Resolved issue: ALEC-251Benjamin Janssens
- Unit testsALEC-250Resolved issue: ALEC-250Anya Rybalova
- FIx import ref and watchALEC-249Resolved issue: ALEC-249Anya Rybalova
- Allow to remove and add multiple alarms in one callALEC-248Resolved issue: ALEC-248Benjamin Janssens
- SonarCloud - Automatic analysis that's enabled for Alec does not support scanning for security vulnerabilitiesALEC-247Benjamin Janssens
- Fix testsALEC-246Resolved issue: ALEC-246Anya Rybalova
- Add long id to alarm and situation alec apiALEC-245Resolved issue: ALEC-245Benjamin Janssens
- Rename Alec plugin because it creates conflicts with others pluginsALEC-244Resolved issue: ALEC-244Anya Rybalova
50 of 278
Denial of service in three
Description
Details
Assignee
UnassignedUnassignedReporter
onms security jiraonms security jiraLabels
Priority
Trivial
Details
Details
Assignee
Unassigned
UnassignedReporter
onms security jira
onms security jira
Labels
Priority
TrivialPagerDuty
PagerDuty
PagerDuty
Created July 21, 2023 at 10:34 PM
Updated July 21, 2023 at 10:34 PM
Activity
Show:
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank { var ret = "rgb(" for (var i = 0; i < n; i++) { ret += " " } return ret + ""; } var Color = three.Color var time = Date.now(); new Color(build_blank(50000)) var time_cost = Date.now() - time; console.log(time_cost+" ms")
Repository: OpenNMS/alec-viz (https://github.com/OpenNMS/alec-viz)
Dependabot: https://github.com/OpenNMS/alec-viz/security/dependabot/2
CVE: CVE-2020-28496
CVSS:
GHSA: GHSA-fq6p-x6j3-cmmq
Severity: high
Ecosystem: npm
Package Name: three
Vulnerable Version Range: < 0.125.0
First Patched Version: 0.125.0