Comments (2)
clemiller
commented on June 30, 2024
Hi @leeliu48307,
The vulnerability you've encountered in the is_js package is due to a known issue with ReDoS (is_js GitHub Advisory), specifically in versions 0.9.0 and earlier. The is_js package does not have an available fix for this issue, and as such, we cannot patch this vulnerability within our project. The responsibility to fix this lies with the maintainers of is_js.
It's important to note that despite the vulnerability in the package, the application should still run as expected. Vulnerabilities like these typically pose a risk in scenarios where untrusted input is processed, leading to denial of service attacks. Running the application locally should not present a significant issue if proper security practices are followed and protected from untrusted inputs.
from attack-navigator.
leeliu48307
commented on June 30, 2024
Understood, it makes sence. Will follow it, thanks.
from attack-navigator.
Related Issues (20)
- Problem building docker image HOT 1
- Mitre attack HOT 1
- Docker Build Error HOT 1
- The `hideDisabled=True` option in the layer is not working. HOT 7
- Information to modify styling of navigator HOT 2
- Feature Request: add score visualisation in layer HOT 1
- Update to use STIX 2.1 Collection Index HOT 1
- Feature request: filter on ATT&CK data sources HOT 2
- Coundn't find a way to make a statistic of the technique score of all the apt groups HOT 2
- Outdated layer dialog box does not load the latest layer file format specification HOT 1
- Deprecated techniques are appearing in incorrect sections of the Layer Upgrade UI HOT 1
- Bug Fix: Cannot create or load Navigator Layers on ATT&CK v10 or earlier HOT 2
- Selecting data sources doesn't work anymore HOT 1
- Forming of Multiple layers through embedded link does not work HOT 1
- Exporting to JSON seems broken. HOT 1
- How to build project with node version. HOT 6
- JSON Export seems buggy HOT 1
- Cyber HOT 1
- ATLAS JSON without repeats from enterprise HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from attack-navigator.