Web SDK vulnerability issues for the cloned cockpit

Divya.Krishnamurthy · June 8, 2023, 9:24am

Hello,

Customer is running a security scanner in the github for cloned cockpit application, and getting critical dependabot gives multiple alerts from the c8y library. where dependabot suggest updating the c8y library to 10.18 but the latest c8y available is 10.15 for enterprise customer.Please refer attached screenshot

We would like to know how to handle these vulnerability cases.

Pawel_Rynarzewski1 · July 11, 2023, 11:54am

Hi Divya, a fix for the mentioned vulnerability will be available in 1015.0.431, so then dependabot should not need to upgrade the ng1-modules package up to 10.18.

system · January 7, 2024, 11:54am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to resolve vulnerability issue in @C8y? Cumulocity-IoT , IoT	3	597	July 29, 2021
C8Y app builder vulnerability Cumulocity-IoT , IoT , IoT-Platform	4	792	March 17, 2022
C8y cockpit 1017.0.391 to c8y edge 10.18 Cumulocity-IoT , IoT , IoT-Edge	8	45	September 4, 2024
Web SDK 1019 changes Cumulocity-IoT , IoT	7	288	November 12, 2024
Error update the Web SDK version Cumulocity-IoT , IoT , IoT-Device-Connectivity , IoT-Edge , IoT-Platform	2	305	February 27, 2024

Web SDK vulnerability issues for the cloned cockpit

Related Topics