-
Type:
Task
-
Resolution: Unresolved
-
Priority:
Minor - P4
-
Affects Version/s: None
-
Component/s: None
-
Labels:
-
2 - S (<= 1 week)
-
3491
<!---
Questions: If you have questions about HOW TO use Realm, please ask on
StackOverflow: http://stackoverflow.com/questions/ask?tags=realm
We monitor the realm tag.
Feature Request: Just fill in the first two sections below.
Bugs: To help you as fast as possible with an issue please describe your issue
and the steps you have taken to reproduce it in as much detail as possible.
-->
Goals
Currently the version of GCDWebserver (v3.5.4) that Realm uses has security vulnerabilities, more specifically GCDWebserver is currently using older versions of Bootstrap(v3.1.1) and jQuery(v1.11.0).
Here are a list of vulnerabilities.
jQuery (v1.11.0):
https://nvd.nist.gov/vuln/detail/CVE-2015-9251
https://nvd.nist.gov/vuln/detail/CVE-2019-11358
https://nvd.nist.gov/vuln/detail/CVE-2020-11022
https://nvd.nist.gov/vuln/detail/CVE-2020-11023
Bootstrap (v3.1.1):
https://nvd.nist.gov/vuln/detail/CVE-2016-10735
https://nvd.nist.gov/vuln/detail/CVE-2018-14040
https://nvd.nist.gov/vuln/detail/CVE-2018-14042
https://nvd.nist.gov/vuln/detail/CVE-2018-20676
https://nvd.nist.gov/vuln/detail/CVE-2018-20677
https://nvd.nist.gov/vuln/detail/CVE-2019-8331
Expected Results
Resolve security vulnerability.
Version of Realm and Tooling
- Realm JS SDK Version: 10.1.2