Bug Report / PQGrid jszip 2.5.0 vulnerabilities
« on: March 08, 2023, 05:25:27 pm »
Hello Support!
We are currently using PQGrid v8.6.0 and have been using Veracode to track vulnerabilities and improvements. Recently, Veracode detected a high severity vulnerability related to the jszip v2.5.0 dependency used in PQGrid. The vulnerability details have been provided below:
Quote
CVE-2022-48285 | CWE-22
Directory Traversal: jszip is vulnerable to Directory Traversal. The vulnerability exists as untrusted user input is not properly validated and/or sanitized, allowing an attacker to exploit the vulnerability via a crafted ZIP archive.
Would it be possible for you to update PQGrid to use the latest version of jszip (or v3.8.0 or later) to address this issue?
This vulnerability also applies to PQGrid v8.7.0.
Please refer to the following links for further details on this vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2022-48285
https://cwe.mitre.org/data/definitions/22.html
Hope you can help.
Thanks in advance.
Best regards,
Fernando.
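The quoted finding describes ZIP entry names that escape their intended directory (CWE-22). As an added example, not part of the original post and not PQGrid or jszip code, the following checks entry names before an application uses them as file paths while the dependency upgrade is pending; the function names and the sample entry names are constructed for illustration.

```javascript
// Added example: consumer-side validation of ZIP entry names (CWE-22 guard).
// safeRelativePath and auditEntryNames are hypothetical helper names.

// Return a cleaned relative path for an entry name, or null when the name
// is absolute, contains a NUL byte, or climbs above the extraction root.
function safeRelativePath(entryName) {
  // ZIP uses "/" as separator; treat "\" the same so both forms are checked.
  const name = String(entryName).replace(/\\/g, "/");
  if (name === "" || name.includes("\0")) return null;
  // Reject absolute paths and Windows drive-letter prefixes.
  if (name.startsWith("/") || /^[A-Za-z]:/.test(name)) return null;

  const kept = [];
  for (const segment of name.split("/")) {
    if (segment === "" || segment === ".") continue; // no-op segments
    if (segment === "..") {
      if (kept.length === 0) return null; // would leave the root
      kept.pop();
    } else {
      kept.push(segment);
    }
  }
  return kept.length > 0 ? kept.join("/") : null;
}

// Split a list of entry names into accepted (with cleaned path) and rejected.
function auditEntryNames(names) {
  const accepted = [];
  const rejected = [];
  for (const original of names) {
    const cleaned = safeRelativePath(original);
    if (cleaned === null) rejected.push(original);
    else accepted.push({ original, cleaned });
  }
  return { accepted, rejected };
}

// Constructed sample: names as they might appear in an uploaded archive.
const sampleNames = [
  "xl/worksheets/sheet1.xml",
  "docs/../docs/readme.txt",
  "../outside.txt",
  "a/../../outside.txt",
  "/abs/file.txt",
  "C:\\temp\\file.txt",
];
const report = auditEntryNames(sampleNames);
console.log(JSON.stringify(report, null, 2));
```

Rejected names should be logged with the archive's origin so that crafted uploads can be traced.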