Check logs Sprint 13.5 week 2

[jason-upchurch]

Check logs Sprint 13.5 week 2

• Log review needs to be completed for sprint 13.1 week 2 per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

[pkfec]

FEC-CMS:

• package.json: 3
  High: Arbitrary Code Execution ([Snyk: High] Arbitrary Code Execution in sanitize-html (due 10/9/20) fec-cms#4026)
  High: Regular Expression Denial of Service (ReDoS) [Snyk: High] Regular Expression Denial of Service (ReDoS) (due 10/23/20) fec-cms#4065
  Medium: Denial of Service ([Snyk: Medium] package.json - Denial of Service (due 11/16/20) fec-cms#4043)

• requirements.txt: 2
  High: Insecure Permissions (2 vulnerabilities): [Snyk: High] 2 Insecure Permissions vulnerabilites in Django (due 10/9/20) fec-cms#4027

OPEN-FEC:

• package.json: 0

• requirements.txt: 2
  High: Directory Traversal (Due 10/02/2020 : [Snyk: High] Directory Traversal (Due 10/02/2020) fec-cms#4015
  Medium: Denial of Service (DoS) (Due 10/25/2020) [Medium severity] Denial of Service (DoS) (Due: 10/25/2020) #4588

• data/flyway/build.gradle: 0

FEC-EREGS:

• package.json: 0
• requirements.txt: 0

FEC-PATTERN-LIBRARY:

• package.json: 0

Cloud.gov Dashboard:
9 deployer accounts, same as last week.

Offboarding:
Nothing to report

[pkfec]

Completed log review for sprint 13.5 week 2.