Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability issue #816

Closed
AndreeaCristinaRadacina opened this issue Dec 13, 2023 · 6 comments · Fixed by #817 or #818
Closed

Vulnerability issue #816

AndreeaCristinaRadacina opened this issue Dec 13, 2023 · 6 comments · Fixed by #817 or #818
Assignees
@preda-bogdan
Labels
bug This label could be used to identify issues that are caused by a defect in the product. customer report Indicates the request came from a customer. released Indicate that an issue has been resolved and released in a particular version of the product. small (1-3h) This label is used for issues that can be completed within 3 hours or less.

Comments

@AndreeaCristinaRadacina
Copy link

Description

A vulnerability issue was reported here - https://secure.helpscout.net/conversation/2451987456/396713?viewId=931544

Step-by-step reproduction instructions

.

Screenshots, screen recording, code snippet or Help Scout ticket

No response

Environment info

No response

Is the issue you are reporting a regression

No
@AndreeaCristinaRadacina AndreeaCristinaRadacina added the bug This label could be used to identify issues that are caused by a defect in the product. label Dec 13, 2023
@pirate-bot pirate-bot added the customer report Indicates the request came from a customer. label Dec 13, 2023
@stefan-cotitosu stefan-cotitosu added security Related to security vulnerabilities or other security-related concerns in the project. and removed security Related to security vulnerabilities or other security-related concerns in the project. labels Dec 14, 2023
@stefan-cotitosu
Copy link
Contributor

I've asked the user who contacted us for the details of the vulnerability as they didn't share it yet. We'll come back with the details or I'll close the issue if we don't receive it. Apologies for the inconvenience.

@kushh23
Copy link

kushh23 commented Dec 15, 2023

Hello there,

They have replied and provided more details about the vulnerabilities in this ticket. Please check it out. Thank you!

https://secure.helpscout.net/conversation/2451987456/396713?folderId=931544

cc: @vytisbulkevicius

@vytisbulkevicius
Copy link
Contributor

@preda-bogdan,

Please prioritize this tomorrow 🙏

@stefan-cotitosu
Copy link
Contributor

stefan-cotitosu commented Dec 17, 2023
edited
Loading

Bogdan, I've added all the details here. Thank you for helping us with it.

@preda-bogdan preda-bogdan added the small (1-3h) This label is used for issues that can be completed within 3 hours or less. label Dec 18, 2023
preda-bogdan added a commit that referenced this issue Dec 18, 2023
@preda-bogdan
fix: solve vulnerability with script metadata #816
1ee2049
@preda-bogdan preda-bogdan mentioned this issue Dec 18, 2023
Merged
@preda-bogdan preda-bogdan linked a pull request Dec 18, 2023 that will close this issue
fix: solve vulnerability with script metadata #816 #817
Merged
@preda-bogdan
Copy link
Contributor

I linked the PR, it should be resolved now, it's awaiting Code Review and then will be forwarded to testing.

vytisbulkevicius added a commit that referenced this issue Dec 18, 2023
@vytisbulkevicius
Merge pull request #817 from Codeinwp/fix/scripts_box_metadata_vulner…
e3cfa01 
…ability

fix: solve vulnerability with script metadata #816
@vytisbulkevicius vytisbulkevicius linked a pull request Dec 18, 2023 that will close this issue
Release #818
Merged
@pirate-bot
Copy link
Contributor

🎉 This issue has been resolved in version 2.10.27 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@pirate-bot pirate-bot added the released Indicate that an issue has been resolved and released in a particular version of the product. label Dec 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@preda-bogdan preda-bogdan

Labels
bug This label could be used to identify issues that are caused by a defect in the product. customer report Indicates the request came from a customer. released Indicate that an issue has been resolved and released in a particular version of the product. small (1-3h) This label is used for issues that can be completed within 3 hours or less.
Projects
None yet
Milestone
No milestone
6 participants
@preda-bogdan @stefan-cotitosu @vytisbulkevicius @pirate-bot @AndreeaCristinaRadacina @kushh23