CVE-2024-4067 still exists in micromatch 4.0.7

Open asteriscos opened this issue 1 year ago • 1 comments

Description

In this pull request the micromatch package was upgraded to 4.0.7 (latest to date) with the intention to fix CVE-2024-4067, but it turns out micromatch fixed this CVE in 4.0.6, but 4.0.7 reintroduced it.

  • https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6911/files#diff-8a02ef2b2ccff61ce493fc568414d473ef874a8b04b28fc7bb1c8a392c67394aR14

This comment in the micromatch repository explains it:

  • https://github.com/micromatch/micromatch/issues/264#issuecomment-2304471978

Related pull request to a 4.0.8 version:

  • https://github.com/micromatch/micromatch/pull/266

asteriscos, Aug 29 '24 08:08
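
The regression described in this issue means a "version >= 4.0.6" check would wrongly pass 4.0.7. The following lockfile check is an added example, not code from the issue, OpenSearch-Dashboards or micromatch. The lockfile fragment is constructed, treating releases older than 4.0.6 as affected is an assumption, and anything newer than 4.0.7 is reported as unverified because the issue only links a pull request for 4.0.8.

```javascript
// Constructed yarn.lock fragment (v1 syntax); not taken from any real repository.
const SAMPLE_LOCK = `
braces@^3.0.3:
  version "3.0.3"

micromatch@^4.0.2, micromatch@^4.0.4:
  version "4.0.7"

"micromatch@npm:4.0.6":
  version "4.0.6"

micromatch@^3.1.10:
  version "3.1.10"
`;

function compareVersions(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split('.').map((n) => parseInt(n, 10)));
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// Status per the issue text: 4.0.6 fixed, 4.0.7 reintroduced the CVE.
// Assumption: releases older than 4.0.6 are affected. Newer than 4.0.7 is
// left "unverified" because the issue only links a pull request for 4.0.8.
function classify(version) {
  if (version === '4.0.6') return 'fixed';
  if (version === '4.0.7') return 'affected (regression)';
  return compareVersions(version, '4.0.6') < 0 ? 'affected' : 'unverified';
}

// Walk the lockfile and report every resolved micromatch version.
function findMicromatch(lockText) {
  const found = [];
  let descriptors = null; // non-null only while inside a micromatch entry
  for (const line of lockText.split('\n')) {
    if (/^\S.*:$/.test(line)) { // entry header: comma-separated descriptors
      const names = line.slice(0, -1).split(',').map((s) => s.trim().replace(/^"|"$/g, ''));
      descriptors = names.some((n) => n.startsWith('micromatch@')) ? names : null;
      continue;
    }
    const m = descriptors && line.match(/^\s+version:?\s+"?([0-9][^"\s]*)"?/);
    if (m) {
      found.push({ version: m[1], status: classify(m[1]), requestedBy: descriptors });
      descriptors = null;
    }
  }
  return found;
}
console.log(findMicromatch(SAMPLE_LOCK));
```

The explicit per-version table is the point: a fix that was later reverted cannot be expressed as a single lower bound.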