diff --git a/dojo/api_v2/exception_handler.py b/dojo/api_v2/exception_handler.py index 94ddbba79b9..1a0ae618e13 100644 --- a/dojo/api_v2/exception_handler.py +++ b/dojo/api_v2/exception_handler.py @@ -46,7 +46,7 @@ def custom_exception_handler(exc, context): # There is no standard error response, so we assume an unexpected # exception. It is logged but no details are given to the user, # to avoid leaking internal technical information. - logger.error(exc) + logger.error(exc, exc_info=True) # noqa: LOG014 response = Response() response.status_code = HTTP_500_INTERNAL_SERVER_ERROR response.data = {} @@ -67,6 +67,6 @@ def custom_exception_handler(exc, context): else: # HTTP status code 500 or higher are technical errors. # They get logged and we don't change the response. - logger.error(exc) + logger.error(exc, exc_info=True) # noqa: LOG014 return response diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py index e53b0b35475..085a2c544ea 100644 --- a/dojo/api_v2/serializers.py +++ b/dojo/api_v2/serializers.py @@ -237,7 +237,8 @@ def to_internal_value(self, data): tag_validator(sub, exception_class=RestFrameworkValidationError) data_safe.extend(substrings) - return tagulous.utils.render_tags(data_safe) + logger.debug(f"result after rendering tags: {data_safe}") + return data_safe def to_representation(self, value): if not isinstance(value, list): 
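Review bot: `exc_info=True` at both `logger.error` calls (this hunk and the `@@ -67,6` hunk) takes the traceback from `sys.exc_info()`, so it is only logged while the handler runs inside an active `except` block, which is presumably why `# noqa: LOG014` is needed. Passing the exception itself, `logger.error(exc, exc_info=exc)`, logs the traceback of the object actually handed to `custom_exception_handler` and should not need the suppression. Because the 500 response body stays empty by design, these records are the only place the details end up, and tracebacks can carry request data, so the log sink should be access-controlled. The function starts and ends outside the hunk.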
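Review bot: The new debug message in `to_internal_value` says "result after rendering tags", but this hunk removes the `tagulous.utils.render_tags` call, so it describes a step that no longer happens. It is also built eagerly with an f-string, while the debug calls added to `FindingSerializer.update` in this commit pass lazy `%s` arguments. `logger.debug("validated tags: %s", data_safe)` would fix both. The return type changes from a rendered string to a list, which deserves a one-line comment on the `return`, since every consumer of `validated_data["tags"]` has to agree on it. The method starts outside the hunk.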
@@ -254,44 +255,6 @@ def to_representation(self, value): return value -class TaggitSerializer(serializers.Serializer): - def create(self, validated_data): - to_be_tagged, validated_data = self._pop_tags(validated_data) - - tag_object = super().create(validated_data) - - return self._save_tags(tag_object, to_be_tagged) - - def update(self, instance, validated_data): - to_be_tagged, validated_data = self._pop_tags(validated_data) - - tag_object = super().update( - instance, validated_data, - ) - - return self._save_tags(tag_object, to_be_tagged) - - def _save_tags(self, tag_object, tags): - for key in list(tags.keys()): - tag_values = tags.get(key) - # tag_object.tags = ", ".join(tag_values) - tag_object.tags = tag_values - tag_object.save() - - return tag_object - - def _pop_tags(self, validated_data): - to_be_tagged = {} - - for key in list(self.fields.keys()): - field = self.fields[key] - if isinstance(field, TagListSerializerField): - if key in validated_data: - to_be_tagged[key] = validated_data.pop(key) - - return (to_be_tagged, validated_data) - - class RequestResponseDict(collections.UserList): def __init__(self, *args, **kwargs): pretty_print = kwargs.pop("pretty_print", True) @@ -1094,7 +1057,7 @@ class Meta: fields = "__all__" -class EngagementSerializer(TaggitSerializer, serializers.ModelSerializer): +class EngagementSerializer(serializers.ModelSerializer): tags = TagListSerializerField(required=False) class Meta: @@ -1151,7 +1114,7 @@ class Meta: fields = "__all__" -class AppAnalysisSerializer(TaggitSerializer, serializers.ModelSerializer): +class AppAnalysisSerializer(serializers.ModelSerializer): tags = TagListSerializerField(required=False) class Meta: @@ -1246,7 +1209,7 @@ def update(self, instance, validated_data): raise -class EndpointSerializer(TaggitSerializer, serializers.ModelSerializer): +class EndpointSerializer(serializers.ModelSerializer): tags = TagListSerializerField(required=False) class Meta: 
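Review bot: With `TaggitSerializer` dropped from `EngagementSerializer` (and, in the later hunks, from the app-analysis, endpoint, test, test-type, finding, finding-template, product, re-import and system-settings serializers), tag persistence depends entirely on `ModelSerializer.create`/`update` accepting the list that `TagListSerializerField` now returns. The tests visible in this diff exercise that path for products and findings only. A create/patch round trip with `tags` for at least engagements, endpoints and tests would pin the behaviour for the other serializers that lost the mixin.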
@@ -1440,7 +1403,7 @@ class Meta: fields = ("id", "name", "test", "jira_issue") -class TestSerializer(TaggitSerializer, serializers.ModelSerializer): +class TestSerializer(serializers.ModelSerializer): tags = TagListSerializerField(required=False) test_type_name = serializers.ReadOnlyField() finding_groups = FindingGroupSerializer( @@ -1459,7 +1422,7 @@ def build_relational_field(self, field_name, relation_info): return super().build_relational_field(field_name, relation_info) -class TestCreateSerializer(TaggitSerializer, serializers.ModelSerializer): +class TestCreateSerializer(serializers.ModelSerializer): engagement = serializers.PrimaryKeyRelatedField( queryset=Engagement.objects.all(), ) @@ -1476,7 +1439,7 @@ class Meta: exclude = ("inherited_tags",) -class TestTypeSerializer(TaggitSerializer, serializers.ModelSerializer): +class TestTypeSerializer(serializers.ModelSerializer): tags = TagListSerializerField(required=False) class Meta: @@ -1702,7 +1665,7 @@ class Meta: fields = ["vulnerability_id"] -class FindingSerializer(TaggitSerializer, serializers.ModelSerializer): +class FindingSerializer(serializers.ModelSerializer): tags = TagListSerializerField(required=False) request_response = serializers.SerializerMethodField() accepted_risks = RiskAcceptanceSerializer( 
@@ -1771,41 +1734,32 @@ def process_risk_acceptance(self, data): # Overriding this to push add Push to JIRA functionality def update(self, instance, validated_data): - # remove tags from validated data and store them seperately - to_be_tagged, validated_data = self._pop_tags(validated_data) - - # pop push_to_jira so it won't get send to the model as a field - # TODO: JIRA can we remove this is_push_all_issues, already checked in - # apiv2 viewset? - push_to_jira = validated_data.pop( - "push_to_jira", - ) or jira_helper.is_push_all_issues(instance) + # push_all_issues already checked in api views.py + push_to_jira = validated_data.pop("push_to_jira") # Save vulnerability ids and pop them - if "vulnerability_id_set" in validated_data: - vulnerability_id_set = validated_data.pop("vulnerability_id_set") - vulnerability_ids = [] - if vulnerability_id_set: - vulnerability_ids.extend(vulnerability_id["vulnerability_id"] for vulnerability_id in vulnerability_id_set) - save_vulnerability_ids(instance, vulnerability_ids) + parsed_vulnerability_ids = [] + if (vulnerability_ids := validated_data.pop("vulnerability_id_set", None)): + logger.debug("VULNERABILITY_ID_SET: %s", vulnerability_ids) + parsed_vulnerability_ids.extend(vulnerability_id["vulnerability_id"] for vulnerability_id in vulnerability_ids) + logger.debug("SETTING CVE FROM VULNERABILITY_ID_SET: %s", parsed_vulnerability_ids[0]) + validated_data["cve"] = parsed_vulnerability_ids[0] - instance = super(TaggitSerializer, self).update( - instance, validated_data, - ) # Save the reporter on the finding if reporter_id := validated_data.get("reporter"): instance.reporter = reporter_id - # If we need to push to JIRA, an extra save call is needed. - # Also if we need to update the mitigation date of the finding. 
- # TODO: try to combine create and save, but for now I'm just fixing a - # bug and don't want to change to much + instance = super().update( + instance, validated_data, + ) + + if parsed_vulnerability_ids: + save_vulnerability_ids(instance, parsed_vulnerability_ids) + if push_to_jira: - instance.save(push_to_jira=push_to_jira) + jira_helper.push_to_jira(instance) - # not sure why we are returning a tag_object, but don't want to change - # too much now as we're just fixing a bug - return self._save_tags(instance, to_be_tagged) + return instance def validate(self, data): if self.context["request"].method == "PATCH": @@ -1876,7 +1830,7 @@ def get_request_response(self, obj): return serialized_burps.data -class FindingCreateSerializer(TaggitSerializer, serializers.ModelSerializer): +class FindingCreateSerializer(serializers.ModelSerializer): notes = serializers.PrimaryKeyRelatedField( read_only=True, allow_null=True, required=False, many=True, ) @@ -1908,8 +1862,7 @@ class Meta: # Overriding this to push add Push to JIRA functionality def create(self, validated_data): - # Pop off of some fields that should not be sent to the model at this time - to_be_tagged, validated_data = self._pop_tags(validated_data) + logger.debug(f"Creating finding with validated data: {validated_data}") push_to_jira = validated_data.pop("push_to_jira", False) notes = validated_data.pop("notes", None) found_by = validated_data.pop("found_by", None) 
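Review bot: An update that sends an empty `vulnerability_ids` list no longer reaches `save_vulnerability_ids`, because `if (vulnerability_ids := validated_data.pop("vulnerability_id_set", None)):` is falsy for `[]` and the later `if parsed_vulnerability_ids:` guard is skipped as well. As far as the collapsed diff shows, the removed code called `save_vulnerability_ids(instance, vulnerability_ids)` whenever the key was present, so a client could clear stale identifiers from a finding. If that should still work, test for presence rather than truthiness: `vulnerability_ids = validated_data.pop("vulnerability_id_set", None)` followed by `if vulnerability_ids is not None:` around the save. Separately, `validated_data.pop("push_to_jira")` has no default while `FindingCreateSerializer.create` uses `pop("push_to_jira", False)`, so the same default here would avoid a `KeyError` for callers that bypass the view. `update` begins before the hunk.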
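Review bot: `logger.debug(f"Creating finding with validated data: {validated_data}")` copies the whole submitted finding into the log whenever debug logging is on, and the f-string builds that text even when it is off. Finding payloads describe vulnerabilities in detail, so that content would then sit in log storage with whatever access rules the logs have. Logging only the field names, `logger.debug("Creating finding with fields: %s", sorted(validated_data))`, keeps the trace useful without the content. `create` continues past the end of this hunk.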
@@ -1917,12 +1870,16 @@ def create(self, validated_data): # Process the vulnerability IDs specially parsed_vulnerability_ids = [] if (vulnerability_ids := validated_data.pop("vulnerability_id_set", None)): + logger.debug("VULNERABILITY_ID_SET: %s", vulnerability_ids) parsed_vulnerability_ids.extend(vulnerability_id["vulnerability_id"] for vulnerability_id in vulnerability_ids) + logger.debug("SETTING CVE FROM VULNERABILITY_ID_SET: %s", parsed_vulnerability_ids[0]) validated_data["cve"] = parsed_vulnerability_ids[0] - # Create a findings in memory so that we have access to unsaved_vulnerability_ids - new_finding = Finding(**validated_data) - new_finding.unsaved_vulnerability_ids = parsed_vulnerability_ids - new_finding.save() + + new_finding = super().create( + validated_data) + + logger.debug(f"New finding CVE: {new_finding.cve}") + # Deal with all of the many to many things if notes: new_finding.notes.set(notes) 
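Review bot: `super().create(validated_data)` saves the finding without `unsaved_vulnerability_ids`, which the removed lines set before the first `save()`; the deleted comment says the in-memory construction existed for exactly that purpose. If `Finding.save()` or anything it triggers reads `unsaved_vulnerability_ids` (hash computation or deduplication, for instance; neither is visible in this diff), the first save now runs without the identifiers, and the next hunk leaves the re-save commented out. This is worth confirming against the model and covering with a test that creates two findings differing only in their vulnerability IDs. `create` starts and ends outside the hunk.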
@@ -1932,18 +1889,14 @@ def create(self, validated_data): new_finding.reviewers.set(reviewers) if parsed_vulnerability_ids: save_vulnerability_ids(new_finding, parsed_vulnerability_ids) - # TODO: JIRA can we remove this is_push_all_issues, already checked in - # apiv2 viewset? - push_to_jira = push_to_jira or jira_helper.is_push_all_issues( - new_finding, - ) - # If we need to push to JIRA, an extra save call is needed. - # TODO: try to combine create and save, but for now I'm just fixing a - # bug and don't want to change to much - if push_to_jira or new_finding: - new_finding.save(push_to_jira=push_to_jira) - # This final call will save the finding again and return it - return self._save_tags(new_finding, to_be_tagged) + # can we avoid this extra save? the cve has already been set above in validated_data. but there are no tests for this + # on finding update nothing is done # with vulnerability_ids? + # new_finding.save() + + if push_to_jira: + jira_helper.push_to_jira(new_finding) + + return new_finding def validate(self, data): if "reporter" not in data: @@ -1989,7 +1942,7 @@ class Meta: fields = ["vulnerability_id"] -class FindingTemplateSerializer(TaggitSerializer, serializers.ModelSerializer): +class FindingTemplateSerializer(serializers.ModelSerializer): tags = TagListSerializerField(required=False) vulnerability_ids = VulnerabilityIdTemplateSerializer( source="vulnerability_id_template_set", many=True, required=False, @@ -2000,7 +1953,6 @@ class Meta: exclude = ("cve",) def create(self, validated_data): - to_be_tagged, validated_data = self._pop_tags(validated_data) # Save vulnerability ids and pop them if "vulnerability_id_template_set" in validated_data: @@ -2010,7 +1962,7 @@ def create(self, validated_data): else: vulnerability_id_set = None - new_finding_template = super(TaggitSerializer, self).create( + new_finding_template = super().create( validated_data, ) 
@@ -2022,7 +1974,6 @@ def create(self, validated_data): ) new_finding_template.save() - self._save_tags(new_finding_template, to_be_tagged) return new_finding_template def update(self, instance, validated_data): @@ -2036,7 +1987,7 @@ def update(self, instance, validated_data): vulnerability_ids.extend(vulnerability_id["vulnerability_id"] for vulnerability_id in vulnerability_id_set) save_vulnerability_ids_template(instance, vulnerability_ids) - return super(TaggitSerializer, self).update(instance, validated_data) + return super().update(instance, validated_data) class CredentialSerializer(serializers.ModelSerializer): @@ -2080,7 +2031,7 @@ def validate_severity(self, value: str) -> str: return value -class ProductSerializer(TaggitSerializer, serializers.ModelSerializer): +class ProductSerializer(serializers.ModelSerializer): findings_count = serializers.SerializerMethodField() findings_list = serializers.SerializerMethodField() @@ -2411,7 +2362,7 @@ def save(self, *, push_to_jira=False): self.process_scan(data, context) -class ReImportScanSerializer(TaggitSerializer, CommonImportScanSerializer): +class ReImportScanSerializer(CommonImportScanSerializer): help_do_not_reactivate = "Select if the import should ignore active findings from the report, useful for triage-less scanners. Will keep existing findings closed, without reactivating them. For more information check the docs." do_not_reactivate = serializers.BooleanField( @@ -2791,7 +2742,7 @@ class TagSerializer(serializers.Serializer): tags = TagListSerializerField(required=True) -class SystemSettingsSerializer(TaggitSerializer, serializers.ModelSerializer): +class SystemSettingsSerializer(serializers.ModelSerializer): class Meta: model = System_Settings fields = "__all__" diff --git a/dojo/api_v2/views.py b/dojo/api_v2/views.py index 28c59befe08..96e90f2973e 100644 --- a/dojo/api_v2/views.py +++ b/dojo/api_v2/views.py 
@@ -989,13 +989,13 @@ def tags(self, request, pk=None): all_tags = serializers.TagSerializer({"tags": all_tags}).data[ "tags" ] + for tag in new_tags.validated_data["tags"]: + for sub_tag in tagulous.utils.parse_tags(tag): + if sub_tag not in all_tags: + all_tags.append(sub_tag) - for tag in tagulous.utils.parse_tags( - new_tags.validated_data["tags"], - ): - if tag not in all_tags: - all_tags.append(tag) new_tags = tagulous.utils.render_tags(all_tags) + finding.tags = new_tags finding.save() else: @@ -1238,19 +1238,18 @@ def remove_tags(self, request, pk=None): ] # serializer turns it into a string, but we need a list - del_tags = tagulous.utils.parse_tags( - delete_tags.validated_data["tags"], - ) + del_tags = delete_tags.validated_data["tags"] if len(del_tags) < 1: return Response( {"error": "Empty Tag List Not Allowed"}, status=status.HTTP_400_BAD_REQUEST, ) + for tag in del_tags: if tag not in all_tags: return Response( { - "error": f"'{tag}' is not a valid tag in list", + "error": f"'{tag}' is not a valid tag in list '{all_tags}'", }, status=status.HTTP_400_BAD_REQUEST, ) @@ -2508,7 +2507,7 @@ def perform_create(self, serializer): jira_driver = engagement or (product or None) if jira_project := (jira_helper.get_jira_project(jira_driver) if jira_driver else None): push_to_jira = push_to_jira or jira_project.push_all_issues - logger.debug(f"push_to_jira: {push_to_jira}") + # logger.debug(f"push_to_jira: {push_to_jira}") serializer.save(push_to_jira=push_to_jira) def get_queryset(self): diff --git a/dojo/jira_link/helper.py b/dojo/jira_link/helper.py index 8d96293588d..ee7b16da7f1 100644 --- a/dojo/jira_link/helper.py +++ b/dojo/jira_link/helper.py 
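Review bot: The inner `tagulous.utils.parse_tags(tag)` loop re-splits values that, judging by the serializers.py hunk, `TagListSerializerField.to_internal_value` has already split and validated, while `remove_tags` in the next hunk uses `validated_data["tags"]` as is. If the re-parse is only defensive, a one-line comment saying so would help. Otherwise iterating `new_tags.validated_data["tags"]` directly with the `not in all_tags` check keeps the two actions consistent and ensures that only strings that passed validation are stored. The method starts and ends outside the hunk.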
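Review bot: The 400 response in `remove_tags` now interpolates `all_tags` into the message, so the API error carries a Python list repr (`'['tag1', 'tag2']'`, as the updated test pins) next to the caller-supplied value. Returning the list as data is easier for clients to consume and keeps the message stable, e.g. `{"error": f"'{tag}' is not a valid tag in list", "valid_tags": all_tags}`. The context comment `# serializer turns it into a string, but we need a list` is also stale now that `validated_data["tags"]` is a list, and `# the serializer already returns a list of validated tags` would be accurate.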
@@ -667,6 +667,9 @@ def push_to_jira(obj, *args, **kwargs): raise ValueError(msg) if isinstance(obj, Finding): + if obj.has_finding_group: + logger.debug("pushing finding group for %s to JIRA", obj) + return push_finding_group_to_jira(obj.finding_group, *args, **kwargs) return push_finding_to_jira(obj, *args, **kwargs) if isinstance(obj, Finding_Group): diff --git a/dojo/models.py b/dojo/models.py index 9e5cd5137f2..caea5a53894 100644 --- a/dojo/models.py +++ b/dojo/models.py @@ -2678,7 +2678,6 @@ def __str__(self): def save(self, dedupe_option=True, rules_option=True, product_grading_option=True, # noqa: FBT002 issue_updater_option=True, push_to_jira=False, user=None, *args, **kwargs): # noqa: FBT002 - this is bit hard to fix nice have this universally fixed logger.debug("Start saving finding of id " + str(self.id) + " dedupe_option:" + str(dedupe_option) + " (self.pk is %s)", "None" if self.pk is None else "not None") - from dojo.finding import helper as finding_helper # if not isinstance(self.date, (datetime, date)): diff --git a/unittests/dojo_test_case.py b/unittests/dojo_test_case.py index 1851a84ba75..031984b6ede 100644 --- a/unittests/dojo_test_case.py +++ b/unittests/dojo_test_case.py @@ -106,10 +106,10 @@ def create_product(self, name, *args, description="dummy description", prod_type product.save() return product - def patch_product_api(self, product_id, product_details): + def patch_product_api(self, product_id, product_details: dict, expected_status_code: int = 200): payload = copy.deepcopy(product_details) response = self.client.patch(reverse("product-list") + f"{product_id}/", payload, format="json") - self.assertEqual(200, response.status_code, response.content[:1000]) + self.assertEqual(expected_status_code, response.status_code, response.content[:1000]) return response.data def patch_endpoint_api(self, endpoint_id, endpoint_details): 
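Review bot: The new branch in `push_to_jira` redirects every grouped `Finding` to `push_finding_group_to_jira`, which changes behaviour for all callers of this helper, and nothing in the code says why. It also forwards `*args, **kwargs` that callers intended for `push_finding_to_jira`; the two signatures are not visible here, so check that they accept the same arguments. If the intent is what the updated JIRA test suggests, a comment such as `# a finding in a group is represented by the group's JIRA issue, so push the group` would document it. The function starts and ends outside the hunk.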
@@ -784,6 +784,23 @@ def log_finding_summary_json_api(self, findings_content_json=None): for eps in Endpoint_Status.objects.all(): logger.debug(str(eps.id) + ": " + str(eps.endpoint) + ": " + str(eps.endpoint.id) + ": " + str(eps.mitigated)) + def get_product_api(self, product_id): + response = self.client.get(reverse("product-list") + f"{product_id}/", format="json") + self.assertEqual(200, response.status_code, response.content[:1000]) + return response.data + + def post_new_product_api(self, product_details: dict, expected_status_code: int = 201): + payload = copy.deepcopy(product_details) + response = self.client.post(reverse("product-list"), payload, format="json") + self.assertEqual(expected_status_code, response.status_code, response.content[:1000]) + return response.data + + def put_product_api(self, product_id, product_details: dict, expected_status_code: int = 201): + payload = copy.deepcopy(product_details) + response = self.client.put(reverse("product-list") + f"{product_id}/", payload, format="json") + self.assertEqual(expected_status_code, response.status_code, response.content[:1000]) + return response.data + class DojoVCRTestCase(DojoTestCase, VCRTestCase): def __init__(self, *args, **kwargs): diff --git a/unittests/test_finding_helper.py b/unittests/test_finding_helper.py index 25cd123ef16..c6d1d65008d 100644 --- a/unittests/test_finding_helper.py +++ b/unittests/test_finding_helper.py @@ -6,11 +6,13 @@ from crum import impersonate from django.contrib.auth.models import User from django.utils import timezone +from rest_framework.authtoken.models import Token +from rest_framework.test import APIClient from dojo.finding.helper import save_vulnerability_ids, save_vulnerability_ids_template from dojo.models import Finding, Finding_Template, Test, Vulnerability_Id, Vulnerability_Id_Template -from .dojo_test_case import DojoTestCase +from .dojo_test_case import DojoAPITestCase, DojoTestCase logger = logging.getLogger(__name__) 
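Review bot: `put_product_api` defaults `expected_status_code` to 201, but its only caller in this diff overrides it with `expected_status_code=200` for a PUT on an existing product. A default of `expected_status_code: int = 200` would match `patch_product_api` and let the helper be used without the override. The 201 default looks copied from `post_new_product_api`, where it is appropriate.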
@@ -245,3 +247,91 @@ def test_save_vulnerability_id_templates(self, save_mock, delete_mock, filter_mo delete_mock.assert_called_once() self.assertEqual(save_mock.call_count, 2) self.assertEqual("REF-1", finding_template.cve) + + +class TestFindingVulnerabilityIdsAPI(DojoAPITestCase): + fixtures = ["dojo_testdata.json"] + + def setUp(self): + super().setUp() + self.system_settings(enable_jira=True) + self.testuser = User.objects.get(username="admin") + self.testuser.usercontactinfo.block_execution = True + self.testuser.usercontactinfo.save() + token = Token.objects.get(user=self.testuser) + self.client = APIClient() + self.client.credentials(HTTP_AUTHORIZATION="Token " + token.key) + self.client.force_login(self.get_test_admin()) + + def test_finding_create_without_cve(self): + # use existing finding as template for a new finding. this finding has no cve + finding_details = self.get_finding_api(2) + del finding_details["id"] + if "cve" in finding_details: + del finding_details["cve"] + new_vulnerability_ids = [ + {"vulnerability_id": "RHSA-12345"}, + {"vulnerability_id": "GHSA-7890"}, + ] + finding_details["vulnerability_ids"] = new_vulnerability_ids + response = self.post_new_finding_api(finding_details) + # assert resopnse data + self.assertIsNone(response.get("cve")) + self.assertEqual(new_vulnerability_ids, response.get("vulnerability_ids")) + + # assert GET finding + finding_id = response.get("id") + response = self.get_finding_api(finding_id) + self.assertIsNone(response.get("cve")) + self.assertEqual(new_vulnerability_ids, response.get("vulnerability_ids")) + + def test_finding_create_with_cve(self): + # use existing finding as template for a new finding. 
this finding has no cve + finding_details = self.get_finding_api(2) + del finding_details["id"] + if "cve" in finding_details: + del finding_details["cve"] + new_vulnerability_ids = [ + {"vulnerability_id": "CVE-2025-12345"}, + {"vulnerability_id": "RHSA-12345"}, + {"vulnerability_id": "GHSA-7890"}, + ] + finding_details["vulnerability_ids"] = new_vulnerability_ids + response = self.post_new_finding_api(finding_details) + # assert response data + self.assertEqual(new_vulnerability_ids, response.get("vulnerability_ids")) + + # CVE is not in the response, so get it fromt the database + self.assertEqual("CVE-2025-12345", Finding.objects.get(id=response.get("id")).cve) + + def test_finding_create_and_update_with_cve(self): + # use existing finding as template for a new finding. this finding has no cve + finding_details = self.get_finding_api(2) + del finding_details["id"] + if "cve" in finding_details: + del finding_details["cve"] + new_vulnerability_ids = [ + {"vulnerability_id": "CVE-2025-12345"}, + {"vulnerability_id": "RHSA-12345"}, + {"vulnerability_id": "GHSA-7890"}, + ] + finding_details["vulnerability_ids"] = new_vulnerability_ids + response = self.post_new_finding_api(finding_details) + finding_id = response.get("id") + # assert resopnse data + self.assertEqual(new_vulnerability_ids, response.get("vulnerability_ids")) + + # CVE is not in the response, so get it fromt the database + self.assertEqual("CVE-2025-12345", Finding.objects.get(id=finding_id).cve) + + # change vulnerability_id and remove cve + updated_vulnerability_ids = [ + {"vulnerability_id": "RHSA-000000"}, + ] + response = self.patch_finding_api(finding_id, {"vulnerability_ids": updated_vulnerability_ids}) + # assert resopnse data + self.assertEqual(updated_vulnerability_ids, response.get("vulnerability_ids")) + + # CVE is not in the response, so get it fromt the database + # current behaviour is that the cve is taken from the first vulnerability_id... 
+ self.assertEqual("RHSA-000000", Finding.objects.get(id=finding_id).cve) diff --git a/unittests/test_jira_import_and_pushing_api.py b/unittests/test_jira_import_and_pushing_api.py index 6c0bcb0d26a..cb22298e7a9 100644 --- a/unittests/test_jira_import_and_pushing_api.py +++ b/unittests/test_jira_import_and_pushing_api.py @@ -476,7 +476,7 @@ def test_groups_create_edit_update_finding(self): # both findings inactive -> should update status in JIRA self.assertNotEqual(pre_jira_status, post_jira_status) - # new finding, not pushed to JIRA + # new finding, not pushed to JIRA. no new issue, still 1 group issue # use existing finding as template, but change some fields to make it not a duplicate self.get_finding_api(findings["results"][0]["id"]) @@ -506,6 +506,7 @@ def test_groups_create_edit_update_finding(self): finding_details["title"] = "jira api test 3" finding_details["component_name"] = "pg" + # post without pushing to JIRA new_finding_json = self.post_new_finding_api(finding_details) self.assert_jira_issue_count_in_test(test_id, 1) self.assert_jira_group_issue_count_in_test(test_id, 1) @@ -517,6 +518,7 @@ def test_groups_create_edit_update_finding(self): # no way to set finding group easily via API yet Finding_Group.objects.get(id=finding_group_id).findings.add(Finding.objects.get(id=new_finding_json["id"])) + # now pushing to JIRA should result a new group issue self.patch_finding_api(new_finding_json["id"], {"push_to_jira": True}) self.assert_jira_issue_count_in_test(test_id, 1) diff --git a/unittests/test_tags.py b/unittests/test_tags.py index 5be9f65db1c..1e89c4c7f15 100644 --- a/unittests/test_tags.py +++ b/unittests/test_tags.py @@ -1,7 +1,7 @@ import logging import random -from dojo.models import Finding, Test +from dojo.models import Finding, Product, Test from dojo.product.helpers import propagate_tags_on_product_sync from .dojo_test_case import DojoAPITestCase, get_unit_tests_scans_path 
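Review bot: None of the three tests in `TestFindingVulnerabilityIdsAPI` sends an empty `vulnerability_ids` list on update, which is the case whose handling changes in `FindingSerializer.update` (an empty list is falsy in the new walrus check). A test that creates a finding with IDs, patches `{"vulnerability_ids": []}` and asserts the resulting `vulnerability_ids` and `cve` would pin whichever behaviour is intended. `setUp` also authenticates twice, once with token credentials and once with `force_login`; one mechanism would make it clearer which authentication path the tests exercise.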
@@ -18,6 +18,53 @@ def setUp(self, *args, **kwargs): self.scans_path = get_unit_tests_scans_path("zap") self.zap_sample5_filename = self.scans_path / "5_zap_sample_one.xml" + def test_create_product_with_tags(self, expected_status_code: int = 201): + product_id = Product.objects.all().first().id + product_details = self.get_product_api(product_id) + + del product_details["id"] + + product_details["name"] = "tags test " + str(random.randint(1, 9999)) # noqa: S311 + product_details["tags"] = ["tag1", "tag2"] + response = self.post_new_product_api(product_details, expected_status_code=expected_status_code) + + self.assertEqual(response["tags"], product_details["tags"]) + + def test_put_product_with_tags(self): + product_id = Product.objects.all().first().id + product_details = self.get_product_api(product_id) + + del product_details["id"] + + product_details["name"] = "tags test " + str(random.randint(1, 9999)) # noqa: S311 + product_details["tags"] = ["tag4", "tag5"] + response = self.put_product_api(product_id, product_details, expected_status_code=200) + + self.assertEqual(response["tags"], product_details["tags"]) + + def test_patch_product_with_tags(self): + product_id = Product.objects.all().first().id + product_details = self.get_product_api(product_id) + + del product_details["id"] + + product_details["tags"] = ["tag9", "tag10"] + response = self.patch_product_api(product_id, product_details, expected_status_code=200) + + self.assertEqual(response["tags"], product_details["tags"]) + + def test_patch_product_with_invalid_tags(self): + product_id = Product.objects.all().first().id + + product_details = {"tags": ["'tag9"]} + self.patch_product_api(product_id, product_details, expected_status_code=400) + product_details["tags"] = ["tag 10"] + self.patch_product_api(product_id, product_details, expected_status_code=400) + product_details["tags"] = ["tagA,tagB"] + # since https://github.com/DefectDojo/django-DefectDojo/pull/12434 tags are split again by commas + 
response = self.patch_product_api(product_id, product_details, expected_status_code=200) + self.assertEqual(response["tags"], ["tagA", "tagB"]) + def create_finding_with_tags(self, tags: list[str], expected_status_code: int = 201): finding_id = Finding.objects.all().first().id finding_details = self.get_finding_api(finding_id) @@ -143,7 +190,7 @@ def test_finding_put_remove_tags_non_existent(self): response = self.put_finding_remove_tags_api(finding_id, tags_remove, expected_response_status_code=400) # for some reason this method returns just a message, not the remaining tags - self.assertEqual(response["error"], "'tag5' is not a valid tag in list") + self.assertEqual(response["error"], "'tag5' is not a valid tag in list '['tag1', 'tag2']'") # retrieve finding and check tags_merged = list(set(tags) - set(tags_remove)) @@ -163,6 +210,17 @@ def test_finding_patch_remove_tags_all(self): def test_finding_patch_remove_tags_non_existent(self): return self.test_finding_put_remove_tags_non_existent() + def test_finding_create_tags_with_commas(self): + tags = ["one,two"] + finding_id = self.create_finding_with_tags(tags) + response = self.get_finding_tags_api(finding_id) + + # since https://github.com/DefectDojo/django-DefectDojo/pull/12434 tags are split again by commas + self.assertEqual(["one", "two"], response.get("tags")) + self.assertEqual(2, len(response.get("tags"))) + self.assertIn("one", str(response["tags"])) + self.assertIn("two", str(response["tags"])) + def test_finding_create_tags_with_spaces(self): tags = ["one two"] self.create_finding_with_tags(tags, expected_status_code=400) diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml index aad8c543f74..7741f01b74d 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml 
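Review bot: `test_patch_product_with_invalid_tags` ends by asserting that `["tagA,tagB"]` is accepted with a 200 and split into two tags, so a test named for rejected input also pins an accepted case. Moving that assertion into its own test, for example `test_patch_product_tags_with_commas`, keeps the rejection cases (leading quote, embedded space) readable as the validation contract. `test_create_product_with_tags` also declares an `expected_status_code` parameter that no caller in this diff supplies; using the literal 201 in the body would be simpler.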
+++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml @@ -2,14 +2,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, - "url_ui": "http://localhost:8080/test/95", "url_api": "http://localhost:8080/api/v2/tests/95/", + "url_ui": "http://localhost:8080/test/90", "url_api": "http://localhost:8080/api/v2/tests/90/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 95, "url_ui": "http://localhost:8080/test/95", "url_api": "http://localhost:8080/api/v2/tests/95/"}}' + 90, "url_ui": "http://localhost:8080/test/90", "url_api": "http://localhost:8080/api/v2/tests/90/"}}' headers: Accept: - application/json @@ -24,7 +24,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.47.1 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -38,22 +38,22 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"844\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.47.1\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:33148\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:39654\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/95\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/95/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/90\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/90/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 95, \\\"url_ui\\\": \\\"http://localhost:8080/test/95\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/95/\\\"}}\",\n \"files\": + \\\"test\\\": 
{\\\"title\\\": null, \\\"id\\\": 90, \\\"url_ui\\\": \\\"http://localhost:8080/test/90\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/90/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -63,11 +63,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 95,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/95/\",\n - \ \"url_ui\": \"http://localhost:8080/test/95\"\n },\n \"title\": + 90,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/90/\",\n + \ \"url_ui\": \"http://localhost:8080/test/90\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/95/\",\n \"url_ui\": - \"http://localhost:8080/test/95\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/90/\",\n \"url_ui\": + \"http://localhost:8080/test/90\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -76,7 +76,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:24:39 GMT + - Sun, 15 Jun 2025 08:53:48 GMT Transfer-Encoding: - chunked status: 
@@ -85,31 +85,31 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": - null, "url_ui": "http://localhost:8080/test/95", "url_api": "http://localhost:8080/api/v2/tests/95/", + null, "url_ui": "http://localhost:8080/test/90", "url_api": "http://localhost:8080/api/v2/tests/90/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 95, "url_ui": "http://localhost:8080/test/95", "url_api": "http://localhost:8080/api/v2/tests/95/"}, - "finding_count": 5, "findings": {"new": [{"id": 246, "title": "Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/246", - "url_api": "http://localhost:8080/api/v2/findings/246/"}, {"id": 247, "title": + 90, "url_ui": "http://localhost:8080/test/90", "url_api": "http://localhost:8080/api/v2/tests/90/"}, + "finding_count": 5, "findings": {"new": [{"id": 232, "title": "Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/232", + "url_api": "http://localhost:8080/api/v2/findings/232/"}, {"id": 233, "title": "2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": - "High", "url_ui": "http://localhost:8080/finding/247", "url_api": "http://localhost:8080/api/v2/findings/247/"}, - {"id": 248, "title": "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 + "High", "url_ui": 
"http://localhost:8080/finding/233", "url_api": "http://localhost:8080/api/v2/findings/233/"}, + {"id": 234, "title": "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 - || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/248", - "url_api": "http://localhost:8080/api/v2/findings/248/"}, {"id": 249, "title": + || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/234", + "url_api": "http://localhost:8080/api/v2/findings/234/"}, {"id": 235, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", "severity": "High", - "url_ui": "http://localhost:8080/finding/249", "url_api": "http://localhost:8080/api/v2/findings/249/"}, - {"id": 250, "title": "2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 + "url_ui": "http://localhost:8080/finding/235", "url_api": "http://localhost:8080/api/v2/findings/235/"}, + {"id": 236, "title": "2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 - < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/250", - "url_api": "http://localhost:8080/api/v2/findings/250/"}], "reactivated": [], + < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/236", + "url_api": "http://localhost:8080/api/v2/findings/236/"}], "reactivated": [], "mitigated": [], "untouched": []}}' headers: Accept: @@ -125,7 +125,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.47.1 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -139,82 +139,82 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"2367\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.47.1\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:33160\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:39662\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", - \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/95\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/95/\\\", \\\"product_type\\\": + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/90\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/90/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 95, \\\"url_ui\\\": \\\"http://localhost:8080/test/95\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/95/\\\"}, \\\"finding_count\\\": - 5, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 246, \\\"title\\\": \\\"Regular + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 90, \\\"url_ui\\\": \\\"http://localhost:8080/test/90\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/90/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 232, \\\"title\\\": \\\"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/246\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/246/\\\"}, {\\\"id\\\": 247, \\\"title\\\": + \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/232\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/232/\\\"}, {\\\"id\\\": 233, \\\"title\\\": \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", - \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/247\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/247/\\\"}, {\\\"id\\\": - 248, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 + \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/233\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/233/\\\"}, {\\\"id\\\": + 234, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/248\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/248/\\\"}, {\\\"id\\\": 249, \\\"title\\\": + \\\"url_ui\\\": \\\"http://localhost:8080/finding/234\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/234/\\\"}, {\\\"id\\\": 235, \\\"title\\\": \\\"Regular Expression Denial of Service - (Fresh, < 
0.5.2)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/249\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/249/\\\"}, {\\\"id\\\": 250, \\\"title\\\": + \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/235\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/235/\\\"}, {\\\"id\\\": 236, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/250\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/250/\\\"}], + \\\"http://localhost:8080/finding/236\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/236/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \ \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 246,\n \"severity\": \"High\",\n \"title\": + \ \"id\": 232,\n \"severity\": \"High\",\n \"title\": \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/246/\",\n \"url_ui\": \"http://localhost:8080/finding/246\"\n - \ },\n {\n \"id\": 247,\n \"severity\": \"High\",\n + \"http://localhost:8080/api/v2/findings/232/\",\n \"url_ui\": \"http://localhost:8080/finding/232\"\n + \ },\n {\n \"id\": 233,\n \"severity\": \"High\",\n \ \"title\": \"2222Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/247/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/247\"\n },\n - \ {\n \"id\": 248,\n \"severity\": \"High\",\n \"title\": + <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/233/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/233\"\n },\n + \ {\n \"id\": 234,\n \"severity\": \"High\",\n \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= - 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/248/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/248\"\n },\n - \ {\n \"id\": 249,\n \"severity\": \"High\",\n \"title\": + 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/234/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/234\"\n },\n + \ {\n \"id\": 235,\n \"severity\": \"High\",\n \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/249/\",\n \"url_ui\": \"http://localhost:8080/finding/249\"\n - \ },\n {\n \"id\": 250,\n \"severity\": \"High\",\n + \"http://localhost:8080/api/v2/findings/235/\",\n \"url_ui\": \"http://localhost:8080/finding/235\"\n + \ },\n {\n \"id\": 236,\n \"severity\": \"High\",\n \ \"title\": \"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/250/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/250\"\n }\n ],\n + || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/236/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/236\"\n }\n ],\n \ \"reactivated\": [],\n 
\"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 95,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/95/\",\n - \ \"url_ui\": \"http://localhost:8080/test/95\"\n },\n \"title\": + 90,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/90/\",\n + \ \"url_ui\": \"http://localhost:8080/test/90\"\n },\n \"title\": \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: - NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/95/\",\n - \ \"url_ui\": \"http://localhost:8080/test/95\",\n \"user\": null\n }\n}\n" + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/90/\",\n + \ \"url_ui\": \"http://localhost:8080/test/90\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -223,7 +223,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:24:39 GMT + - Sun, 15 Jun 2025 08:53:48 GMT Transfer-Encoding: - chunked status: 
@@ -243,17 +243,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:39.932+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:53:52.926+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - cc820c2e-9ca2-4519-9698-37dcfbf0c5d2 + - 9b11ee74-c15c-430f-8411-39aa1ed4699b Atl-Traceid: - - cc820c2e9ca24519969837dcfbf0c5d2 + - 9b11ee74c15c430f841139aa1ed4699b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -263,7 +263,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:39 GMT + - Sun, 15 Jun 2025 08:53:53 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -273,7 +273,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=190,atl-edge;dur=157,atl-edge-internal;dur=13,atl-edge-upstream;dur=144,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="-ThbNIAM1F3mtoALGTKiG0ufm1hyzAsQwZ0ogbxYiw8w-yDaIafv5Q==",cdn-downstream-fbl;dur=194 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=1030,atl-edge;dur=1024,atl-edge-internal;dur=49,atl-edge-upstream;dur=969,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="cCn-oBnivBCuQCl4VzT6jUo9Wkah1zronU_rP5o9vioyW4UrnRNx-w==",cdn-downstream-fbl;dur=1034 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -283,15 +283,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e665d09233240df4d3172e59222e0ba2.cloudfront.net (CloudFront) + - 1.1 60a3c74b395afbd3a50d71e59ea19eca.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - -ThbNIAM1F3mtoALGTKiG0ufm1hyzAsQwZ0ogbxYiw8w-yDaIafv5Q== + - cCn-oBnivBCuQCl4VzT6jUo9Wkah1zronU_rP5o9vioyW4UrnRNx-w== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD62-P1 X-Arequestid: - - 330e3d7578e61dd9efbf9c1936dcb048 + - 4fee0b727ac69cc5b36a921b0fb2e2f7 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -315,7 +315,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
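Review bot: The re-recorded cassette stores the Jira `X-Aaccountid` response header verbatim in the `@@ -283,15 +283,15 @@` hunk, and the same value appears again in the `@@ -361,18 +361,18 @@` and `@@ -472,15 +472,15 @@` hunks. A token value elsewhere in the cassette is masked as `Token xxx`, so some scrubbing seems to be in place, but response headers such as `X-Aaccountid`, `Atl-Traceid` and `X-Amz-Cf-Id` look like they are written through unfiltered. If the recorder is vcrpy, a `before_record_response` hook that replaces these header values with a fixed placeholder would keep account identifiers out of the repository and shrink future re-recording diffs. The cassette's file header and the recorder configuration are outside this view, so this is inferred from the recorded content alone.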
@@ -329,9 +329,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 661547e1-34da-4a05-880a-137bd382a4fc + - 35ad9517-4d0a-400d-af85-ae81e1cd6b28 Atl-Traceid: - - 661547e134da4a05880a137bd382a4fc + - 35ad95174d0a400daf85ae81e1cd6b28 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -341,7 +341,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:40 GMT + - Sun, 15 Jun 2025 08:53:54 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -351,7 +351,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="2pf4NSJC1OK4MhtPZfTNSjhlL5X98A4zmJyr7HccSASlkpSv_4Efiw==",cdn-downstream-fbl;dur=377,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=61,cdn-upstream-fbl;dur=374,atl-edge;dur=285,atl-edge-internal;dur=22,atl-edge-upstream;dur=269,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=1031,atl-edge;dur=1024,atl-edge-internal;dur=21,atl-edge-upstream;dur=1000,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="6cKRifFz8Zz3CM6gHypTUL8ySRVEwuD3TVd7_jLwVaTGQ_llDMPmTQ==",cdn-downstream-fbl;dur=1035 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -361,18 +361,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f266ac47d4aee3a84c8fc38a6ef92022.cloudfront.net (CloudFront) + - 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 2pf4NSJC1OK4MhtPZfTNSjhlL5X98A4zmJyr7HccSASlkpSv_4Efiw== + - 6cKRifFz8Zz3CM6gHypTUL8ySRVEwuD3TVd7_jLwVaTGQ_llDMPmTQ== X-Amz-Cf-Pop: - - ORD58-P1 + - SYD62-P1 X-Arequestid: - - 2ee683b4b6a21ed4b1fb72c0a0845c3a + - ea2163e16ff80a3689b7d1bb84f10c51 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -386,19 +386,19 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n|| Severity || CVE || + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247] + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -408,9 +408,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -430,21 +430,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3332' + - '3337' Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18183","key":"NTEST-1844","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183"}' + string: '{"id":"20032","key":"NTEST-3052","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032"}' headers: Atl-Request-Id: - - 0b28c080-a4e2-4744-9127-8dd372c0b1dd + - 4c0eb36c-b0e2-4ef0-aefa-81f21cae20d3 Atl-Traceid: - - 0b28c080a4e2474491278dd372c0b1dd + - 4c0eb36cb0e24ef0aefa81f21cae20d3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -452,7 +452,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:41 GMT + - Sun, 15 Jun 2025 08:53:57 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -462,7 +462,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=662,atl-edge;dur=629,atl-edge-internal;dur=17,atl-edge-upstream;dur=612,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="j-16L-TyBEWy2wSJ0ZKHkm73ZwAtBHvlEGF-6oY58UkcC3Ms86p7zA==",cdn-downstream-fbl;dur=667 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=1902,atl-edge;dur=1896,atl-edge-internal;dur=19,atl-edge-upstream;dur=1874,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="y-1kcxlkH7HjvyTW4loYJw1quTUI1j5niEulX86PNV7fNf4n5-3rew==",cdn-downstream-fbl;dur=1906 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -472,15 +472,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ae39d1ac6bb931d0ff3d636fc3e249de.cloudfront.net (CloudFront) + - 1.1 26131a3cde08b60652129237128292a2.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - j-16L-TyBEWy2wSJ0ZKHkm73ZwAtBHvlEGF-6oY58UkcC3Ms86p7zA== + - y-1kcxlkH7HjvyTW4loYJw1quTUI1j5niEulX86PNV7fNf4n5-3rew== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD3-P2 X-Arequestid: - - ae2b023fe67188756758f207ec258aed + - 59fa10cc38bfa430ebcb00b106cf822a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -504,30 +504,30 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18183","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183","key":"NTEST-1844","fields":{"statuscategorychangedate":"2025-04-30T18:24:41.238+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:40.963+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t07:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:41.043+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:53:57.122+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n|| Severity || CVE || + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247] + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -537,9 +537,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -549,14 +549,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - d9cdd71e-7802-4f03-a158-d82cb8dbebf5 + - c315fad0-09a8-4961-882e-16e5174be28b Atl-Traceid: - - d9cdd71e78024f03a158d82cb8dbebf5 + - c315fad009a84961882e16e5174be28b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -566,7 +566,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:41 GMT + - Sun, 15 Jun 2025 08:53:59 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
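Review bot: The re-recorded response body in the `@@ -549,14 +549,14 @@` hunk commits the recording user's `emailAddress`, `accountId` and `displayName` inside the `creator` and `reporter` objects, and the later header hunks repeat the account id in `X-Aaccountid`. The `@@ -663,14 +663,14 @@` hunk carries the same fields. Nothing visible here suggests the tests depend on these values, so they could be scrubbed at record time to keep personal identifiers out of the repository. If the cassettes are recorded with vcrpy, a `before_record_response` hook could rewrite them to fixed placeholders such as `"emailAddress":"user@example.invalid"`. Stable placeholders would also stop these lines from changing whenever a different maintainer re-records.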
@@ -576,7 +576,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=19,cdn-upstream-fbl;dur=336,atl-edge;dur=259,atl-edge-internal;dur=16,atl-edge-upstream;dur=243,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="S-lxvv--6xrtBktp1icf70y0qVj89k6AbnV-kHhjqvYSly_hFygzkw==",cdn-downstream-fbl;dur=340 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=665,atl-edge;dur=659,atl-edge-internal;dur=19,atl-edge-upstream;dur=638,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="cFMy573P74gpQqLCPvBlQV3V0iYygEJBKBwL705ojRzzg6tg6EtFjw==",cdn-downstream-fbl;dur=669 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -586,15 +586,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 452324c4cfd54555e3a2d8c074edaf78.cloudfront.net (CloudFront) + - 1.1 0b8c49517c533bb6e0c14033e0c899b0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - S-lxvv--6xrtBktp1icf70y0qVj89k6AbnV-kHhjqvYSly_hFygzkw== + - cFMy573P74gpQqLCPvBlQV3V0iYygEJBKBwL705ojRzzg6tg6EtFjw== X-Amz-Cf-Pop: - - ORD58-P1 + - SYD62-P3 X-Arequestid: - - 8479611c4e8c58900f053d66e3f1efd5 + - 1e25789ec28b30781d47bb8d9b40fa4e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -618,30 +618,30 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18183 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18183","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183","key":"NTEST-1844","fields":{"statuscategorychangedate":"2025-04-30T18:24:41.238+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:40.963+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t07:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:41.043+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:53:57.122+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n|| Severity || CVE || + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247] + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -651,9 +651,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -663,14 +663,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 508efe33-4842-4101-9c71-8e3ce27a33a3 + - ae5dd052-10be-40aa-bf01-f34b72badf0b Atl-Traceid: - - 508efe33484241019c718e3ce27a33a3 + - ae5dd05210be40aabf01f34b72badf0b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -680,7 +680,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:42 GMT + - Sun, 15 Jun 2025 08:54:01 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -690,7 +690,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="bdFC2axV3JhpBaC6FW6fFcTSQc6lyj7XyxrlW4vCqiMDz8sixvSI1g==",cdn-downstream-fbl;dur=346,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=55,cdn-upstream-fbl;dur=344,atl-edge;dur=268,atl-edge-internal;dur=17,atl-edge-upstream;dur=252,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=976,atl-edge;dur=969,atl-edge-internal;dur=22,atl-edge-upstream;dur=945,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="9PxQraP-V8cg-BS8M_jjZLKbTvGaFJIMJcPo_QeyX268HzinAJJ7lg==",cdn-downstream-fbl;dur=979 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -700,15 +700,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 48f2e5da4dd7651bfa3bfd0054610cf4.cloudfront.net (CloudFront) + - 1.1 dc5b7b7a6895b629c6cb8eef5910309e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - bdFC2axV3JhpBaC6FW6fFcTSQc6lyj7XyxrlW4vCqiMDz8sixvSI1g== + - 9PxQraP-V8cg-BS8M_jjZLKbTvGaFJIMJcPo_QeyX268HzinAJJ7lg== X-Amz-Cf-Pop: - - ORD56-P1 + - SYD3-P2 X-Arequestid: - - ab9a5da15b302f25460dc1ef59eff39d + - 3d0cfb1587189c49572adbd91227ab0e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -732,17 +732,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:42.704+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:54:03.007+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 96ba6139-3377-4186-a494-1a5e267a0da5 + - d43e4b67-6f3e-44b3-a24c-59c43487c90b Atl-Traceid: - - 96ba613933774186a4941a5e267a0da5 + - d43e4b676f3e44b3a24c59c43487c90b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -752,7 +752,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:42 GMT + - Sun, 15 Jun 2025 08:54:03 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -762,7 +762,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="A8DRKzPPjzGiHotIKUxZQfdm_oFBzx5DYrxzW2_T5-8Q6QHqiEWYFw==",cdn-downstream-fbl;dur=283,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=280,atl-edge;dur=192,atl-edge-internal;dur=14,atl-edge-upstream;dur=177,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=873,atl-edge;dur=867,atl-edge-internal;dur=17,atl-edge-upstream;dur=848,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="rqzUiAVTlA-SvAHHN-aydS9LePELbZCRr-GEYaSkE1KsFcO4bUl6UA==",cdn-downstream-fbl;dur=878 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -772,15 +772,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 452324c4cfd54555e3a2d8c074edaf78.cloudfront.net (CloudFront) + - 1.1 8ccca629f0b1ca48e2e69a056f61f9a6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - A8DRKzPPjzGiHotIKUxZQfdm_oFBzx5DYrxzW2_T5-8Q6QHqiEWYFw== + - rqzUiAVTlA-SvAHHN-aydS9LePELbZCRr-GEYaSkE1KsFcO4bUl6UA== X-Amz-Cf-Pop: - - ORD58-P1 + - SYD62-P3 X-Arequestid: - - 51329fa92fc9ddeba00d0ef0f8b79597 + - 2c859b18678e5ee34c6be5189a385cf2 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -804,30 +804,30 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18183 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18183","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183","key":"NTEST-1844","fields":{"statuscategorychangedate":"2025-04-30T18:24:41.238+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:40.963+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t07:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:41.043+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:53:57.122+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n|| Severity || CVE || + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247] + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -837,9 +837,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -849,14 +849,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 5cef418a-e96b-4e9c-8b30-5531187706b4 + - 6adaa3c6-9053-4222-8cd8-a4389cf3140f Atl-Traceid: - - 5cef418ae96b4e9c8b305531187706b4 + - 6adaa3c6905342228cd8a4389cf3140f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -866,7 +866,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:43 GMT + - Sun, 15 Jun 2025 08:54:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -876,7 +876,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=326,atl-edge;dur=293,atl-edge-internal;dur=36,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="cSdedlHRt5uagp4FwzTdk9BTfjKDvUGOo3JiTrjIApfz7SqCQB5iNw==",cdn-downstream-fbl;dur=329 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=469,atl-edge;dur=462,atl-edge-internal;dur=19,atl-edge-upstream;dur=445,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="vreVDaZqC5bscsHB61xGgOYzYoCgLbuj6OMHd_KAUzU3eAq_jCnZ8w==",cdn-downstream-fbl;dur=474 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -886,15 +886,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 cbe94ab27088fc4bb73abf8e3179b3d2.cloudfront.net (CloudFront) + - 1.1 505047c0efc37a1900f1288c6f749f90.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - cSdedlHRt5uagp4FwzTdk9BTfjKDvUGOo3JiTrjIApfz7SqCQB5iNw== + - vreVDaZqC5bscsHB61xGgOYzYoCgLbuj6OMHd_KAUzU3eAq_jCnZ8w== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD62-P3 X-Arequestid: - - b7a40742e489abec83e6493549fc59fd + - 3f37495d84bf741d9364558efafc452d X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -918,7 +918,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -932,9 +932,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 9bcbcd72-4b32-437e-a4ed-eb5aa1426898 + - 22354fc2-0e9b-4aa0-a302-2bba425db318 Atl-Traceid: - - 9bcbcd724b32437ea4edeb5aa1426898 + - 22354fc20e9b4aa0a3022bba425db318 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -944,7 +944,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:43 GMT + - Sun, 15 Jun 2025 08:54:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -954,7 +954,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=361,atl-edge;dur=329,atl-edge-internal;dur=16,atl-edge-upstream;dur=313,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="j5OGcuC7mGyPY88q0me62SSb3X7uCFprlfuleKEhUBxvLMT12thxxw==",cdn-downstream-fbl;dur=366 + - cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="3izIxD0kaPVqSQox5sDbgBhOoij1vcwL2kYyi4RS1bFImCQOYOQOSw==",cdn-downstream-fbl;dur=537,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=4,cdn-upstream-fbl;dur=534,atl-edge;dur=526,atl-edge-internal;dur=17,atl-edge-upstream;dur=510,atl-edge-pop;desc="aws-ap-southeast-2" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -964,18 +964,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ad310b4d7c581c35032fa3fce068e53c.cloudfront.net (CloudFront) + - 1.1 59b0eb2f33939f549a18868a652690fe.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - j5OGcuC7mGyPY88q0me62SSb3X7uCFprlfuleKEhUBxvLMT12thxxw== + - 3izIxD0kaPVqSQox5sDbgBhOoij1vcwL2kYyi4RS1bFImCQOYOQOSw== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD3-P1 X-Arequestid: - - 0fb440f38ed07e7ee8a5ca42f706d5d5 + - 32b1c5c52c61ed8d3809923d46136feb X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -989,19 +989,19 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n|| Severity || CVE || + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247] + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1011,9 +1011,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1033,21 +1033,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3316' + - '3321' Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18183 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 response: body: string: '' headers: Atl-Request-Id: - - cd3b7fdc-d0f0-453b-8fd1-9ce636ebaf86 + - aa6b2a25-1051-4101-81c5-e353c5152197 Atl-Traceid: - - cd3b7fdcd0f0453b8fd19ce636ebaf86 + - aa6b2a251051410181c5e353c5152197 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1055,7 +1055,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:44 GMT + - Sun, 15 Jun 2025 08:54:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1065,7 +1065,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=305,atl-edge;dur=286,atl-edge-internal;dur=15,atl-edge-upstream;dur=270,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="O66w4ISug0EogE22uL-nTvxzTSVxodTGFGnz562bxUSuiZdf9Yulfw==",cdn-downstream-fbl;dur=311 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=994,atl-edge;dur=986,atl-edge-internal;dur=17,atl-edge-upstream;dur=969,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="v78Ai8ZS2f6CW2XFxA3lhUWs5W__FQ_7T-7Gt0C7Wz4hvLiWTzkACQ==",cdn-downstream-fbl;dur=999 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1073,15 +1073,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a4888bfa57444daa340ca8dc53629170.cloudfront.net (CloudFront) + - 1.1 80221b5cb6d99c6010a1a445f2ea0f30.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - O66w4ISug0EogE22uL-nTvxzTSVxodTGFGnz562bxUSuiZdf9Yulfw== + - v78Ai8ZS2f6CW2XFxA3lhUWs5W__FQ_7T-7Gt0C7Wz4hvLiWTzkACQ== X-Amz-Cf-Pop: - - ORD58-P1 + - SYD62-P2 X-Arequestid: - - 9d6cdec35985ddc80935bdfb0dcb8750 + - 18cbdadcb3db05bcae3121b4dbdab328 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1105,30 +1105,30 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18183 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18183","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183","key":"NTEST-1844","fields":{"statuscategorychangedate":"2025-04-30T18:24:41.238+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:40.963+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t07:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:41.043+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:53:57.122+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n|| Severity || CVE || + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247] + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1138,9 +1138,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1150,14 +1150,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 20a808c2-75ad-4832-a255-140273d98d8d + - a08e8f19-9b98-44f7-b52c-59bee3e7d841 Atl-Traceid: - - 20a808c275ad4832a255140273d98d8d + - a08e8f199b9844f7b52c59bee3e7d841 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1167,7 +1167,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:44 GMT + - Sun, 15 Jun 2025 08:54:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
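Review bot: The re-recorded response body in the `@@ -1150,14` hunk commits a real account identifier and e-mail address to the cassette (`"emailAddress":"valentijn@defectdojo.com"` and the matching `accountId`). The same values recur in the `@@ -1336,14` hunk and in the `X-Aaccountid` response headers of the later hunks. If these cassettes are recorded with vcrpy (the `interactions:` layout suggests so, but the recorder configuration is not visible here), a `before_record_response` hook could rewrite the creator/reporter fields to fixed placeholders, for example `"emailAddress":"redacted@example.invalid"` (constructed value), and `filter_headers` would cover any request-side credentials. Stable placeholders would also stop these blocks from changing with whoever re-records the fixtures, which keeps future cassette diffs small enough to review.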
@@ -1177,7 +1177,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="S2hQ4_Xd531z0mdwCiTxsRBfciWRkDimt537H8Fn4k7quF0rfRbKUg==",cdn-downstream-fbl;dur=363,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=360,atl-edge;dur=271,atl-edge-internal;dur=18,atl-edge-upstream;dur=255,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=469,atl-edge;dur=465,atl-edge-internal;dur=18,atl-edge-upstream;dur=445,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="cigcWQGPxkPzCZzMtThCWIv6hCN8EUw-urQSlI8lSeuvBp9Cikmxwg==",cdn-downstream-fbl;dur=474 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1187,15 +1187,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 bd02c4a72f88f2bbd693051675941962.cloudfront.net (CloudFront) + - 1.1 8bec138951dfffa4e8e0ac983bb30e76.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - S2hQ4_Xd531z0mdwCiTxsRBfciWRkDimt537H8Fn4k7quF0rfRbKUg== + - cigcWQGPxkPzCZzMtThCWIv6hCN8EUw-urQSlI8lSeuvBp9Cikmxwg== X-Amz-Cf-Pop: - - ORD58-P1 + - SYD62-P1 X-Arequestid: - - 45c5465fcb61989f672202e53fd11301 + - 3e1fddae0068609e0b15209b4d8d286c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1219,17 +1219,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:45.033+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:54:10.928+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - c6ad5c6e-b8c5-4c32-967e-b686bb81c2e0 + - e51cf66b-c077-4539-918e-b11e864e08fc Atl-Traceid: - - c6ad5c6eb8c54c32967eb686bb81c2e0 + - e51cf66bc0774539918eb11e864e08fc Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1239,7 +1239,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:45 GMT + - Sun, 15 Jun 2025 08:54:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1249,7 +1249,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=177,atl-edge;dur=144,atl-edge-internal;dur=14,atl-edge-upstream;dur=130,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="5NzVu8PPPSi3aCVKosTVr3_BOZW8qSjSxTL5SrR5Y_Gj_4gnNUPQ6Q==",cdn-downstream-fbl;dur=181 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=857,atl-edge;dur=853,atl-edge-internal;dur=19,atl-edge-upstream;dur=832,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="Avu01MHByAGgtsDmpwDKZQOfwT8hF520bzQ0OCSOzLAjBZsGoUDQKg==",cdn-downstream-fbl;dur=862 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1259,15 +1259,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 22067fb5d7eb764108747a104222f50a.cloudfront.net (CloudFront) + - 1.1 2e05fb1b0c75f8ef4c701fadb0b27fd8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 5NzVu8PPPSi3aCVKosTVr3_BOZW8qSjSxTL5SrR5Y_Gj_4gnNUPQ6Q== + - Avu01MHByAGgtsDmpwDKZQOfwT8hF520bzQ0OCSOzLAjBZsGoUDQKg== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD62-P1 X-Arequestid: - - 7c3fb04417a8deba707ddccdb7233c1c + - 46dc76adca71b86492568fa9e3d59232 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1291,30 +1291,30 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18183 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18183","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183","key":"NTEST-1844","fields":{"statuscategorychangedate":"2025-04-30T18:24:41.238+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:40.963+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t07:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:41.043+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:53:57.122+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n|| Severity || CVE || + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247] + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1324,9 +1324,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1336,14 +1336,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 7a6e1479-eecd-48ff-a61a-68bfbf8af5b7 + - 3bafb78a-a8a4-4008-962f-62d6c8943c24 Atl-Traceid: - - 7a6e1479eecd48ffa61a68bfbf8af5b7 + - 3bafb78aa8a44008962f62d6c8943c24 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1353,7 +1353,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:45 GMT + - Sun, 15 Jun 2025 08:54:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1363,7 +1363,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=275,atl-edge;dur=242,atl-edge-internal;dur=15,atl-edge-upstream;dur=227,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="am9CT4itSeBWt-Du7fSSi--a8pv2ialgQg964s6gAQVw-dehmubTeQ==",cdn-downstream-fbl;dur=278 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=470,atl-edge;dur=463,atl-edge-internal;dur=16,atl-edge-upstream;dur=446,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="ovGRLweS4KHHOhdilRDhvmYlzne9blkPqD-iPCMPDqZcyi8ARhKslQ==",cdn-downstream-fbl;dur=475 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1373,15 +1373,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ae39d1ac6bb931d0ff3d636fc3e249de.cloudfront.net (CloudFront) + - 1.1 bafb3fcfb450000b354db6fbbd3d2828.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - am9CT4itSeBWt-Du7fSSi--a8pv2ialgQg964s6gAQVw-dehmubTeQ== + - ovGRLweS4KHHOhdilRDhvmYlzne9blkPqD-iPCMPDqZcyi8ARhKslQ== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD3-P1 X-Arequestid: - - 0b86839564fd1f893305bf7f5baa1cd8 + - 7b542a86bdce837e5a3e9c447c766196 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1405,17 +1405,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:45.756+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:54:13.587+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 10660dbc-8707-4be5-b9b6-3e17bcae2751 + - e651a964-27aa-4496-8552-44d5c0a95998 Atl-Traceid: - - 10660dbc87074be5b9b63e17bcae2751 + - e651a96427aa4496855244d5c0a95998 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1425,7 +1425,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:45 GMT + - Sun, 15 Jun 2025 08:54:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1435,7 +1435,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=192,atl-edge;dur=159,atl-edge-internal;dur=15,atl-edge-upstream;dur=143,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="RWf1FUW3ktQroQeRObCIm0TnU-JEdgPwV3tSJVE9HTRxR8z-_7oNwA==",cdn-downstream-fbl;dur=196 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=364,atl-edge;dur=356,atl-edge-internal;dur=14,atl-edge-upstream;dur=343,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="WUhVYXhCkfhBOJUYmUC2z3T7HWu0oDBuQ0yuFY70P1YDOJDzkjDyHw==",cdn-downstream-fbl;dur=368 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1445,15 +1445,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 71ab92edd02bc8ec941d842529d753d0.cloudfront.net (CloudFront) + - 1.1 0cf8dd8ff8bb60665199a3fb2c2f8e9e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - RWf1FUW3ktQroQeRObCIm0TnU-JEdgPwV3tSJVE9HTRxR8z-_7oNwA== + - WUhVYXhCkfhBOJUYmUC2z3T7HWu0oDBuQ0yuFY70P1YDOJDzkjDyHw== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD62-P1 X-Arequestid: - - c74e31c9c4a6648b9fcd531e9be110d7 + - 7ee6ff7bbdaf3a5eaebb7dc272fa25b9 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1477,30 +1477,30 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18183 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18183","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183","key":"NTEST-1844","fields":{"statuscategorychangedate":"2025-04-30T18:24:41.238+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:40.963+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t07:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:41.043+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:53:57.122+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n|| Severity || CVE || + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247] + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1510,9 +1510,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1522,14 +1522,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 41b6045c-7109-4c42-b41a-8bd7b614431f + - 1fe42b44-6651-4511-bb93-40a5302922d7 Atl-Traceid: - - 41b6045c71094c42b41a8bd7b614431f + - 1fe42b4466514511bb9340a5302922d7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1539,7 +1539,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:46 GMT + - Sun, 15 Jun 2025 08:54:15 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
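Review bot: The re-recorded issue body in this hunk commits a real Jira account's `emailAddress`, `accountId`, `displayName` and gravatar hash in the `creator` and `reporter` objects. The `X-Aaccountid` response header in the neighbouring header hunks carries the same account id. The removed lines show the previous recording had the same fields for a different user, so every re-record swaps one person's identifiers for another's and adds diff churn that hides meaningful changes. If these cassettes are recorded with vcrpy, a response scrubber registered at record time would keep them stable, e.g. `before_record_response=scrub_jira_identity` (name constructed for illustration), replacing those JSON fields and the `X-Aaccountid` header with fixed placeholders. The cassette's file header and recording configuration are outside this view, so confirm no such filter already exists before adding one.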
@@ -1549,7 +1549,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=309,atl-edge;dur=276,atl-edge-internal;dur=16,atl-edge-upstream;dur=260,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="mVUgFI8oa3QM5GN_kmuQYDWI8Y9kmKpRbpi5UL5JpEgwLU8Hgk__PQ==",cdn-downstream-fbl;dur=314 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=477,atl-edge;dur=476,atl-edge-internal;dur=18,atl-edge-upstream;dur=457,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="ntWLgVA017V84fIOGu8e8ykPkiWiyjqxkPON_7DYFRX0LeQPIqJG7g==",cdn-downstream-fbl;dur=482 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1559,15 +1559,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e665d09233240df4d3172e59222e0ba2.cloudfront.net (CloudFront) + - 1.1 701510d744831cda18c48da0cb099172.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - mVUgFI8oa3QM5GN_kmuQYDWI8Y9kmKpRbpi5UL5JpEgwLU8Hgk__PQ== + - ntWLgVA017V84fIOGu8e8ykPkiWiyjqxkPON_7DYFRX0LeQPIqJG7g== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD62-P1 X-Arequestid: - - 781efac02171d1de5f00727243d45774 + - 463bbc8b7e660591a70399a958a73d13 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -1591,7 +1591,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -1605,9 +1605,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 2e664f7b-d503-496e-8ac1-2c06ef745855 + - b594862b-7d9e-441d-bd08-a1e41ae4b06e Atl-Traceid: - - 2e664f7bd503496e8ac12c06ef745855 + - b594862b7d9e441dbd08a1e41ae4b06e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1617,7 +1617,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:46 GMT + - Sun, 15 Jun 2025 08:54:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1627,7 +1627,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=314,atl-edge;dur=282,atl-edge-internal;dur=14,atl-edge-upstream;dur=269,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="zWXktIMPT2Gs8SEzzQg8-0TVtGGPErHgft4w8KN3lOedRZGIvScgbg==",cdn-downstream-fbl;dur=319 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=545,atl-edge;dur=540,atl-edge-internal;dur=15,atl-edge-upstream;dur=526,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="0ZL1kEyRFUYItHwIDUrBLaZVOZ8V5Yb8anrNc9Ff7oCZaz8Zt9i6gQ==",cdn-downstream-fbl;dur=549 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1637,18 +1637,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 895116b5366f3f5264f7b6361d3fd564.cloudfront.net (CloudFront) + - 1.1 948c1c49e6b4d8c0c9b0fdb0a41022ec.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - zWXktIMPT2Gs8SEzzQg8-0TVtGGPErHgft4w8KN3lOedRZGIvScgbg== + - 0ZL1kEyRFUYItHwIDUrBLaZVOZ8V5Yb8anrNc9Ff7oCZaz8Zt9i6gQ== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD62-P2 X-Arequestid: - - e744bc44570b25b4f2a3e9e3bf3de3a5 + - 288982607fe490a83815458d6c1151dd X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1662,20 +1662,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n|| Severity || CVE || + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247] + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246] - | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* May 30, + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1685,9 +1685,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1707,21 +1707,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3329' + - '3334' Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18183 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 response: body: string: '' headers: Atl-Request-Id: - - 7fff255f-d5ab-4119-a3c7-a16e1d8630f1 + - 798ff1ba-700e-4656-8b72-a0360dc9843e Atl-Traceid: - - 7fff255fd5ab4119a3c7a16e1d8630f1 + - 798ff1ba700e46568b72a0360dc9843e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1729,7 +1729,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:47 GMT + - Sun, 15 Jun 2025 08:54:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1739,7 +1739,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=31,cdn-upstream-fbl;dur=636,atl-edge;dur=508,atl-edge-internal;dur=15,atl-edge-upstream;dur=494,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="3ZZkL2hfFxNygSQsneCCLU6EkfFwZa9QbaC9EHCyuwqLvw5x7KCpmQ==",cdn-downstream-fbl;dur=641 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=841,atl-edge;dur=833,atl-edge-internal;dur=16,atl-edge-upstream;dur=818,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="3QyKwzLWSwF8NERX6g-an4si7j9Yaojg3h1kVgXh2K_Zn0r1WqW6pA==",cdn-downstream-fbl;dur=845 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1747,15 +1747,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2918cacbb3dda2d143059f9b5f341e32.cloudfront.net (CloudFront) + - 1.1 7b00ea054b97b0dfdfa184981c492f10.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 3ZZkL2hfFxNygSQsneCCLU6EkfFwZa9QbaC9EHCyuwqLvw5x7KCpmQ== + - 3QyKwzLWSwF8NERX6g-an4si7j9Yaojg3h1kVgXh2K_Zn0r1WqW6pA== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD62-P3 X-Arequestid: - - de278d2ba9408e986db9e11a3df2d688 + - 0f088f9d65f6918a11c5a16383d1d31f X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1779,31 +1779,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18183 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18183","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183","key":"NTEST-1844","fields":{"statuscategorychangedate":"2025-04-30T18:24:41.238+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:40.963+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t07:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:47.147+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:17.849+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n|| Severity || CVE || + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247] + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246] - | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* May - 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* July + 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1813,9 +1813,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1825,14 +1825,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - f86051e2-8c7f-44fd-9305-0e164a86caf7 + - 76dca9fe-68b9-464b-b8c7-e2ec3cf88dc9 Atl-Traceid: - - f86051e28c7f44fd93050e164a86caf7 + - 76dca9fe68b9464bb8c7e2ec3cf88dc9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1842,7 +1842,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:47 GMT + - Sun, 15 Jun 2025 08:54:19 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
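Review bot: The re-recorded response body in this hunk stores a real Jira user's `emailAddress`, `accountId` and `displayName` in the `creator` and `reporter` objects, and the same account id appears in the `X-Aaccountid` header of the neighbouring header hunks; the hunk at -2012,14 repeats it. The file looks like a recorded HTTP cassette, so these values presumably come from whoever ran the recording, and each re-record swaps one person's identifiers for another's in the repository history. If the recorder is vcrpy, a `before_record_response` hook that rewrites these fields to a fixed placeholder (for example `user@example.invalid`) would keep personal identifiers out of the test data and shrink future re-record diffs. The tests are not visible here, so confirm that none of them assert on the recorded address before scrubbing.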
@@ -1852,7 +1852,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=322,atl-edge;dur=289,atl-edge-internal;dur=17,atl-edge-upstream;dur=272,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="vC9DEyLasRCj3G1l9Vve2VEGIopyOKXerBgb87Wg7aEnxdGjQ0mf6w==",cdn-downstream-fbl;dur=327 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=450,atl-edge;dur=442,atl-edge-internal;dur=15,atl-edge-upstream;dur=427,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="hMnX9HOg5mPiv7NwQTeyldUo9U6FEhDm4Ssd5XNteHv43dLvbOBi9g==",cdn-downstream-fbl;dur=454 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1862,15 +1862,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5538280951642fc71308aa997730220e.cloudfront.net (CloudFront) + - 1.1 bac8af6ab43417aff0768ef23a8c05de.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - vC9DEyLasRCj3G1l9Vve2VEGIopyOKXerBgb87Wg7aEnxdGjQ0mf6w== + - hMnX9HOg5mPiv7NwQTeyldUo9U6FEhDm4Ssd5XNteHv43dLvbOBi9g== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD62-P1 X-Arequestid: - - 824216d2ca97521a70451930f137f2c6 + - 9a6b3986c70a84684057f42d4e90c469 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1894,17 +1894,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:48.405+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:54:20.975+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 3a7b886e-34b5-4ef7-a32e-bb5916d0c521 + - d044bd7c-8760-4d44-87cd-87dcbfedbb2c Atl-Traceid: - - 3a7b886e34b54ef7a32ebb5916d0c521 + - d044bd7c87604d4487cd87dcbfedbb2c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1914,7 +1914,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:48 GMT + - Sun, 15 Jun 2025 08:54:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1924,7 +1924,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="EtD6JosM0cj_EwJfojGykIxJWdpz7RMhFMOo0gZQqsabBLFRkEOaPQ==",cdn-downstream-fbl;dur=255,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=253,atl-edge;dur=169,atl-edge-internal;dur=14,atl-edge-upstream;dur=155,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=352,atl-edge;dur=345,atl-edge-internal;dur=20,atl-edge-upstream;dur=322,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="-ye6iM0Dh-0gfMUcJC8fwqI49hadPrpJ84w2qMJMGGn5Bq4aEPMi9g==",cdn-downstream-fbl;dur=356 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1934,15 +1934,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 087e16218fcf1ccb7472a2c9f6a4cbe2.cloudfront.net (CloudFront) + - 1.1 db487bbf70af29af96ef50a3f5b469d4.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - EtD6JosM0cj_EwJfojGykIxJWdpz7RMhFMOo0gZQqsabBLFRkEOaPQ== + - -ye6iM0Dh-0gfMUcJC8fwqI49hadPrpJ84w2qMJMGGn5Bq4aEPMi9g== X-Amz-Cf-Pop: - - ORD56-P1 + - SYD3-P2 X-Arequestid: - - 4f1e1ac462c2cde2a351ca3893f2abe4 + - 81ca0f0b32c070f5883ec71659eac6a3 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1966,31 +1966,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18183 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18183","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183","key":"NTEST-1844","fields":{"statuscategorychangedate":"2025-04-30T18:24:41.238+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:40.963+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t07:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:47.147+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:17.849+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n|| Severity || CVE || + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247] + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246] - | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* May - 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* July + 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2000,9 +2000,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2012,14 +2012,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 523ac437-bdb5-4f74-b4f5-2fd28eb04431 + - 84d007a1-d2b2-4875-aa52-22688d9bc119 Atl-Traceid: - - 523ac437bdb54f74b4f52fd28eb04431 + - 84d007a1d2b24875aa5222688d9bc119 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2029,7 +2029,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:49 GMT + - Sun, 15 Jun 2025 08:54:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2039,7 +2039,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=379,atl-edge;dur=292,atl-edge-internal;dur=17,atl-edge-upstream;dur=276,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="-aKP18RTcKwdDzwVQ2dWQsuIpHUBBcsENckhmdy9nCy8e31yHAUiag==",cdn-downstream-fbl;dur=384 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=491,atl-edge;dur=485,atl-edge-internal;dur=18,atl-edge-upstream;dur=466,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="urI-eNpruh8zOAKWmaTF1eUN_ShjWm_lcUMfsiTjY8J2a2mUmGvVFg==",cdn-downstream-fbl;dur=494 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2049,15 +2049,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 04a2159f61dab28d4b7610df116a191a.cloudfront.net (CloudFront) + - 1.1 5bbd11939e03577f970787e60c8f7b4e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - -aKP18RTcKwdDzwVQ2dWQsuIpHUBBcsENckhmdy9nCy8e31yHAUiag== + - urI-eNpruh8zOAKWmaTF1eUN_ShjWm_lcUMfsiTjY8J2a2mUmGvVFg== X-Amz-Cf-Pop: - - ORD58-P1 + - SYD3-P1 X-Arequestid: - - 9fe29e1c5e5ab9e374c4e531751e410a + - 760befb8ee05aca238cefb46c18e2831 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -2081,7 +2081,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -2095,9 +2095,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - b5cd6315-c1a3-4850-8a59-a8f5419c1253 + - 89aeaa4e-c49d-4596-8389-061a53995ef4 Atl-Traceid: - - b5cd6315c1a348508a59a8f5419c1253 + - 89aeaa4ec49d45968389061a53995ef4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2107,7 +2107,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:49 GMT + - Sun, 15 Jun 2025 08:54:24 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2117,7 +2117,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=302,atl-edge;dur=270,atl-edge-internal;dur=15,atl-edge-upstream;dur=256,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="JB3VsWE-Mb3jqkH6awq6keZvx3H3sftS9lL_jdiwPLVCc-SfrEYcZQ==",cdn-downstream-fbl;dur=306 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=1014,atl-edge;dur=1007,atl-edge-internal;dur=15,atl-edge-upstream;dur=992,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="yh22paQBwbNSHMtaW8CPfK8WKFMYW5KQBrbEcCMcqlnTnOqFZiPB5w==",cdn-downstream-fbl;dur=1018 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2127,18 +2127,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 edb5724c2fa0963fde9c6c5089b747ce.cloudfront.net (CloudFront) + - 1.1 b862c6b18a44c823dd40d8d760097ee2.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - JB3VsWE-Mb3jqkH6awq6keZvx3H3sftS9lL_jdiwPLVCc-SfrEYcZQ== + - yh22paQBwbNSHMtaW8CPfK8WKFMYW5KQBrbEcCMcqlnTnOqFZiPB5w== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD3-P2 X-Arequestid: - - ed1b17676ac801afa921ba6ca01fbddd + - 290bbba63f76127b98ba40b7eb725f62 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2152,20 +2152,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n|| Severity || CVE || + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247] + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] | Inactive, Verified, Mitigated |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246] - | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* May 30, + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2175,9 +2175,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2197,21 +2197,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3342' + - '3347' Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18183 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 response: body: string: '' headers: Atl-Request-Id: - - 576ee94c-f837-4fef-ab6d-1c400b37a693 + - 84e29507-fac2-49e3-a2eb-64a806fe6236 Atl-Traceid: - - 576ee94cf8374fefab6d1c400b37a693 + - 84e29507fac249e3a2eb64a806fe6236 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2219,7 +2219,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:50 GMT + - Sun, 15 Jun 2025 08:54:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2229,7 +2229,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=605,atl-edge;dur=515,atl-edge-internal;dur=19,atl-edge-upstream;dur=496,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="WcIkGW1Bdf4hyBvP9VYinUY2JCUvTnuw7zbLUM7G5JTg55ZV6Jk1ZQ==",cdn-downstream-fbl;dur=611 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=926,atl-edge;dur=923,atl-edge-internal;dur=17,atl-edge-upstream;dur=906,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="8cOouBK8u1VoZldMwCfxqR0bMpgb0YqlG44Zj_1CMHjwBcXBcMFx2Q==",cdn-downstream-fbl;dur=930 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2237,15 +2237,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c8780798b589dc6b55523ca0a9bc3c02.cloudfront.net (CloudFront) + - 1.1 6eb4925a459e5104745cfd7f77596766.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - WcIkGW1Bdf4hyBvP9VYinUY2JCUvTnuw7zbLUM7G5JTg55ZV6Jk1ZQ== + - 8cOouBK8u1VoZldMwCfxqR0bMpgb0YqlG44Zj_1CMHjwBcXBcMFx2Q== X-Amz-Cf-Pop: - - ORD58-P1 + - SYD62-P3 X-Arequestid: - - c48dc49c9c2cf15f11e90114a9865454 + - b79a63e309047a4edcd3d3c65e38df38 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2269,31 +2269,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18183 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18183","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183","key":"NTEST-1844","fields":{"statuscategorychangedate":"2025-04-30T18:24:41.238+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:40.963+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t07:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:49.941+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:25.683+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n|| Severity || CVE || + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247] + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] | Inactive, Verified, Mitigated |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246] - | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* May - 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* July + 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2303,9 +2303,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2315,14 +2315,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 8b83a659-b98d-45c0-87bd-95589a224773 + - c8abf41a-c988-4ec4-984b-aad50ad1d3ba Atl-Traceid: - - 8b83a659b98d45c087bd95589a224773 + - c8abf41ac9884ec4984baad50ad1d3ba Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2332,7 +2332,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:50 GMT + - Sun, 15 Jun 2025 08:54:27 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2342,7 +2342,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="amR0-KhFG7VnEwSloGqiSZiAsf2Ef8GWJ3BHql4Q711k06h_X9vFnA==",cdn-downstream-fbl;dur=363,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=360,atl-edge;dur=287,atl-edge-internal;dur=17,atl-edge-upstream;dur=270,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=442,atl-edge;dur=440,atl-edge-internal;dur=16,atl-edge-upstream;dur=424,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="IfVF2mA8cEO6EOQBeORKcKa3rdcI1_YX3g_N5xtCSGdkqsUepR6cFA==",cdn-downstream-fbl;dur=446 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2352,15 +2352,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 81e839ce31651517fdd5c593655bd0d6.cloudfront.net (CloudFront) + - 1.1 03b68196a4924b2e14289edfecca0cae.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - amR0-KhFG7VnEwSloGqiSZiAsf2Ef8GWJ3BHql4Q711k06h_X9vFnA== + - IfVF2mA8cEO6EOQBeORKcKa3rdcI1_YX3g_N5xtCSGdkqsUepR6cFA== X-Amz-Cf-Pop: - - ORD58-P1 + - SYD3-P1 X-Arequestid: - - 1f07a3278a427557561f25ba4b18059f + - 88bf8441ac9c3b930764b28cf140c13f X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2386,17 +2386,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/transitions + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/transitions response: body: string: '' headers: Atl-Request-Id: - - 7c06d8c3-3393-4259-acba-f51aabe518e4 + - a93fe4ba-2a26-443d-b590-2131c1f53b58 Atl-Traceid: - - 7c06d8c333934259acbaf51aabe518e4 + - a93fe4ba2a26443db5902131c1f53b58 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2404,7 +2404,7 @@ interactions: Content-Type: - text/html;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:51 GMT + - Sun, 15 Jun 2025 08:54:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2414,7 +2414,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=609,atl-edge;dur=576,atl-edge-internal;dur=14,atl-edge-upstream;dur=562,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="Sft5Vk0_5RNjByKeQBGvfJU27byUpieNjNTySPtqeJA2azDZbIEtUA==",cdn-downstream-fbl;dur=612 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=989,atl-edge;dur=985,atl-edge-internal;dur=15,atl-edge-upstream;dur=971,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="psUR1sL1LZSNBKG0pR9hefB5RrBUwmOZzHQgttp1wLz0y5uDdZO5Vw==",cdn-downstream-fbl;dur=994 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2422,15 +2422,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f9c7cdbfd821ee3522abb640c0e0a228.cloudfront.net (CloudFront) + - 1.1 909f00169c0be43b0eae99ab8e7a6126.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Sft5Vk0_5RNjByKeQBGvfJU27byUpieNjNTySPtqeJA2azDZbIEtUA== + - psUR1sL1LZSNBKG0pR9hefB5RrBUwmOZzHQgttp1wLz0y5uDdZO5Vw== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD62-P1 X-Arequestid: - - 67fbe80f9c3d7bcc78ffe4cc79c9d0ae + - 3d1e53c4e6048c19dea275c9ecc65dfd X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2454,17 +2454,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:51.870+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:54:30.705+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 2a539786-3748-450f-97ba-ed67e8032e71 + - cd3df579-12ba-4034-a29f-f3b4d0898ab7 Atl-Traceid: - - 2a5397863748450f97baed67e8032e71 + - cd3df57912ba4034a29ff3b4d0898ab7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2474,7 +2474,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:51 GMT + - Sun, 15 Jun 2025 08:54:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2484,7 +2484,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=179,atl-edge;dur=146,atl-edge-internal;dur=14,atl-edge-upstream;dur=132,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="L5Kn60NLjyG_5ozmHWtY3wxLqp9jHq58VYgM_iSkoaWeVeQNNV8Gig==",cdn-downstream-fbl;dur=182 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=342,atl-edge;dur=338,atl-edge-internal;dur=14,atl-edge-upstream;dur=324,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="Vn_IDplkiayyKC4jx_OqmgYAqf8FajgZ6gVDfUK03fwY-1A1H1s6kQ==",cdn-downstream-fbl;dur=346 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2494,15 +2494,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 60b2b330807c6611e06e3923c8e315cc.cloudfront.net (CloudFront) + - 1.1 d6156d803088bd5b7d72dddf2e03745c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - L5Kn60NLjyG_5ozmHWtY3wxLqp9jHq58VYgM_iSkoaWeVeQNNV8Gig== + - Vn_IDplkiayyKC4jx_OqmgYAqf8FajgZ6gVDfUK03fwY-1A1H1s6kQ== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD62-P3 X-Arequestid: - - 55ae8762aee6c55e45093a5fc9bd128c + - 7668f168cc50c6ffd301b98e571d374c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2526,30 +2526,30 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18183 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18183","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183","key":"NTEST-1844","fields":{"statuscategorychangedate":"2025-04-30T18:24:51.193+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:54:29.018+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-04-30T18:24:51.165+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:40.963+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_10230_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t07:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:51.193+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-06-15T10:54:28.984+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_32285_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:29.017+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n|| Severity || CVE || + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247] + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] | Inactive, Verified, Mitigated |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246] - | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* May - 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* July + 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2559,9 +2559,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2571,14 +2571,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1844/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18183/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 2ca60ae6-a264-4209-b8f6-7a59a511fb7e + - 92f3c59c-6ded-415f-8d43-3e2cb5e27f74 Atl-Traceid: - - 2ca60ae6a2644209b8f67a59a511fb7e + - 92f3c59c6ded415f8d433e2cb5e27f74 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2588,7 +2588,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:52 GMT + - Sun, 15 Jun 2025 08:54:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
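Review bot: The re-recorded response body in this hunk stores the recording user's `emailAddress`, `accountId`, display name and gravatar hash in the `creator` and `reporter` objects. The same account id is repeated in the `X-Aaccountid` response header in the neighbouring hunks, and the identity block appears again in the later `NTEST-3053` issue body. The test code is not visible here, but these values do not look like something a test would assert on, so every re-recording commits a maintainer's personal identifiers to the repository and churns the fixture. If these cassettes are recorded with vcrpy, a `before_record_response` hook could rewrite them at record time, for example to `"emailAddress":"redacted@example.invalid"` (constructed value) and a fixed placeholder account id. The response string this hunk patches begins and ends outside the hunk.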
@@ -2598,7 +2598,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=304,atl-edge;dur=270,atl-edge-internal;dur=15,atl-edge-upstream;dur=255,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="T0C96mxIVgLy7cYEfV1TnupkhKYo-_T5YB9obsiMJXHuYIPTn9mUJQ==",cdn-downstream-fbl;dur=307 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=508,atl-edge;dur=506,atl-edge-internal;dur=17,atl-edge-upstream;dur=489,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="1pz3Hurr_5DG8GnQDa3yykE9iPR36DAdVP-jploxYLhfOrzAsJvowA==",cdn-downstream-fbl;dur=512 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2608,15 +2608,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront) + - 1.1 2232887ba0422bbe2b2a9f1ebf020f00.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - T0C96mxIVgLy7cYEfV1TnupkhKYo-_T5YB9obsiMJXHuYIPTn9mUJQ== + - 1pz3Hurr_5DG8GnQDa3yykE9iPR36DAdVP-jploxYLhfOrzAsJvowA== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD62-P1 X-Arequestid: - - 24a68735bda289dbdb775a536b6be206 + - 4224b938cfe86f756e844fac753f8cfc X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2640,17 +2640,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:52.784+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:54:33.505+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 201b8c0e-0a31-4b4a-8016-d81c54e5e7cc + - 89d32558-8b87-4332-8e18-271bc618b505 Atl-Traceid: - - 201b8c0e0a314b4a8016d81c54e5e7cc + - 89d325588b8743328e18271bc618b505 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2660,7 +2660,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:52 GMT + - Sun, 15 Jun 2025 08:54:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2670,7 +2670,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=199,atl-edge;dur=166,atl-edge-internal;dur=13,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="cOzkr4QWPvD-rVW765xQZEyKi5E4b_lv7UUjWXMZM2EfyYn_vi15qQ==",cdn-downstream-fbl;dur=202 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=338,atl-edge;dur=335,atl-edge-internal;dur=13,atl-edge-upstream;dur=322,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="y7nWExTWaOxJjC3zQKcpqWPoObI4w2khTASI0NRNnIMGDR3gmiP7UA==",cdn-downstream-fbl;dur=342 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2680,15 +2680,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 de5b26aba33b480d2b740b96a34fe916.cloudfront.net (CloudFront) + - 1.1 eeaafdd5e22d1448912c6cf3e1e5bd58.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - cOzkr4QWPvD-rVW765xQZEyKi5E4b_lv7UUjWXMZM2EfyYn_vi15qQ== + - y7nWExTWaOxJjC3zQKcpqWPoObI4w2khTASI0NRNnIMGDR3gmiP7UA== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD3-P1 X-Arequestid: - - 1fbf3d84db95dbf141aba7dfcf743671 + - c952cc49ab64d498925660424fcf5d8b X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -2712,7 +2712,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -2726,9 +2726,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 1aaed495-2b13-4eb8-b598-0e3db093e452 + - 46c91a67-f007-4f22-b8cd-af05d936f43d Atl-Traceid: - - 1aaed4952b134eb8b5980e3db093e452 + - 46c91a67f0074f22b8cdaf05d936f43d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2738,7 +2738,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:53 GMT + - Sun, 15 Jun 2025 08:54:35 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2748,7 +2748,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=19,cdn-upstream-fbl;dur=379,atl-edge;dur=298,atl-edge-internal;dur=16,atl-edge-upstream;dur=283,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="fnQZqIVWdU7qg3xNKUD-jTvQKaSc-Jxyb9dCYjo6rv-TsImPWgdlQA==",cdn-downstream-fbl;dur=384 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=551,atl-edge;dur=546,atl-edge-internal;dur=15,atl-edge-upstream;dur=531,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="rcldnTE61M2PoLH1CgAsQiasmOQaCsNpiKq1NN7zkDFotQK5COlkDA==",cdn-downstream-fbl;dur=557 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2758,18 +2758,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 124fcc45b0cac625cd0077abe70a7c60.cloudfront.net (CloudFront) + - 1.1 3d26345933183b6a437e0f8ba3c37df8.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - fnQZqIVWdU7qg3xNKUD-jTvQKaSc-Jxyb9dCYjo6rv-TsImPWgdlQA== + - rcldnTE61M2PoLH1CgAsQiasmOQaCsNpiKq1NN7zkDFotQK5COlkDA== X-Amz-Cf-Pop: - - ORD58-P1 + - SYD3-P1 X-Arequestid: - - 756cfde325f1164aa5053c72a7525af0 + - 2bf59249f56ea93f845b2558eddf7912 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2782,11 +2782,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Jira Api Test 2", "description": "\n\n\n\n\n\n*Title*: [Jira Api - Test 2|http://localhost:8080/finding/252]\n\n*Defect Dojo link:* http://localhost:8080/finding/252 - (252)\n\n*Severity:* High\n\n\n*Due Date:* May 30, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + Test 2|http://localhost:8080/finding/238]\n\n*Defect Dojo link:* http://localhost:8080/finding/238 + (238)\n\n*Severity:* High\n\n\n*Due Date:* July 15, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header 
@@ -2805,21 +2805,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1430' + - '1431' Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18185","key":"NTEST-1845","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18185"}' + string: '{"id":"20033","key":"NTEST-3053","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20033"}' headers: Atl-Request-Id: - - a73eadd5-3c3f-45d2-95c7-9106635809b8 + - e0cc5878-9fc7-477d-931a-406c1ce9e5e6 Atl-Traceid: - - a73eadd53c3f45d295c79106635809b8 + - e0cc58789fc7477d931a406c1ce9e5e6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2827,7 +2827,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:54 GMT + - Sun, 15 Jun 2025 08:54:37 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2837,7 +2837,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=719,atl-edge;dur=687,atl-edge-internal;dur=14,atl-edge-upstream;dur=672,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="6l2QpOGEgDcz-z7ljd7NEVc2ZDZg3ijLleYN7KNFmYFc551DeTbhRw==",cdn-downstream-fbl;dur=723 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=1013,atl-edge;dur=1011,atl-edge-internal;dur=14,atl-edge-upstream;dur=997,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="6h8T0gQqQ83OEsy4afTkmnR5bOXK9bIWYmxpkFUEyuj75m_C2Qqrvw==",cdn-downstream-fbl;dur=1018 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2847,15 +2847,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 4279a60193243ca3cf62feedc7fe581e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 6l2QpOGEgDcz-z7ljd7NEVc2ZDZg3ijLleYN7KNFmYFc551DeTbhRw== + - 6h8T0gQqQ83OEsy4afTkmnR5bOXK9bIWYmxpkFUEyuj75m_C2Qqrvw== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD62-P1 X-Arequestid: - - 055a52b183bf3fd6a2615d4aef0ef8c1 + - b07248ac3e747c1a406d13a801960f13 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2879,22 +2879,22 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1845 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3053 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18185","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18185","key":"NTEST-1845","fields":{"statuscategorychangedate":"2025-04-30T18:24:54.033+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20033","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20033","key":"NTEST-3053","fields":{"statuscategorychangedate":"2025-06-15T10:54:36.842+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1845/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:53.734+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t0f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:53.806+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3053/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:54:36.467+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:36.577+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Jira Api Test 2|http://localhost:8080/finding/252]\n\n*Defect Dojo link:* - http://localhost:8080/finding/252 (252)\n\n*Severity:* High\n\n\n*Due Date:* - May 30, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + [Jira Api Test 2|http://localhost:8080/finding/238]\n\n*Defect Dojo link:* + http://localhost:8080/finding/238 (238)\n\n*Severity:* High\n\n\n*Due Date:* + 
July 15, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` 
@@ -2903,14 +2903,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira - Api Test 2","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1845/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18185/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Api Test 
2","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3053/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20033/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 7683e9c4-c66f-4110-b672-71dbbca8b332 + - 58c99c20-a996-42e8-82f2-d6e395d80220 Atl-Traceid: - - 7683e9c4c66f4110b67271dbbca8b332 + - 58c99c20a99642e882f2d6e395d80220 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2920,7 +2920,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:54 GMT + - Sun, 15 Jun 2025 08:54:38 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
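Review bot: The re-recorded response body in this hunk commits a maintainer's `emailAddress` and Atlassian `accountId` in the `creator` and `reporter` objects, along with avatar URLs that embed a gravatar hash. The same account id reappears in the `X-Aaccountid` response header in the later header hunks, and in the second issue body further down. The assertions are not visible here, but these values look incidental to what the test checks. If the cassette is recorded with vcrpy, a `before_record_response` hook that swaps them for fixed placeholders would keep personal identifiers out of the repository and stop each re-record from rewriting these lines. The quoted `string:` value begins before this hunk, so only part of the body is visible.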
@@ -2930,7 +2930,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=272,atl-edge;dur=239,atl-edge-internal;dur=14,atl-edge-upstream;dur=226,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="8UCwqRXrBSVxbMjyMtVdbI9vUWteG4tDyHmSGHCf-bx3UbXTB1i1og==",cdn-downstream-fbl;dur=275 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=456,atl-edge;dur=454,atl-edge-internal;dur=15,atl-edge-upstream;dur=437,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="isXydxb3DgPmP04RR7iw1m6a_Z4Mmb3uVU_-_4FVuJLZ8vo_HBExIA==",cdn-downstream-fbl;dur=461 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2940,15 +2940,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f9c7cdbfd821ee3522abb640c0e0a228.cloudfront.net (CloudFront) + - 1.1 dff94781894736c12dbb6eb4e456a898.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 8UCwqRXrBSVxbMjyMtVdbI9vUWteG4tDyHmSGHCf-bx3UbXTB1i1og== + - isXydxb3DgPmP04RR7iw1m6a_Z4Mmb3uVU_-_4FVuJLZ8vo_HBExIA== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD3-P1 X-Arequestid: - - 0fac3749ff3f3b59e2889f3b205fe4ba + - 7571ba138dafaaf057e7a4312f8cf0b3 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2972,22 +2972,22 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18185 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20033 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18185","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18185","key":"NTEST-1845","fields":{"statuscategorychangedate":"2025-04-30T18:24:54.033+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20033","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20033","key":"NTEST-3053","fields":{"statuscategorychangedate":"2025-06-15T10:54:36.842+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1845/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:53.734+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t0f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:53.806+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3053/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:54:36.467+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:36.577+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Jira Api Test 2|http://localhost:8080/finding/252]\n\n*Defect Dojo link:* - http://localhost:8080/finding/252 (252)\n\n*Severity:* High\n\n\n*Due Date:* - May 30, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + [Jira Api Test 2|http://localhost:8080/finding/238]\n\n*Defect Dojo link:* + http://localhost:8080/finding/238 (238)\n\n*Severity:* High\n\n\n*Due Date:* + 
July 15, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` 
@@ -2996,14 +2996,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira - Api Test 2","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1845/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18185/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Api Test 
2","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3053/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20033/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 72c6abfb-be01-4da1-bce8-ab50d8104588 + - 133a98d1-af52-468b-aebf-71df22a35943 Atl-Traceid: - - 72c6abfbbe014da1bce8ab50d8104588 + - 133a98d1af52468baebf71df22a35943 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3013,7 +3013,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:55 GMT + - Sun, 15 Jun 2025 08:54:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3023,7 +3023,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=322,atl-edge;dur=287,atl-edge-internal;dur=16,atl-edge-upstream;dur=271,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="AENb14gqANqO5k2wA22TUlZZUMADudbdroP6ps8FxL7YQOYWhFHRJg==",cdn-downstream-fbl;dur=326 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=922,atl-edge;dur=916,atl-edge-internal;dur=16,atl-edge-upstream;dur=901,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="2P3iZbqcJJy69dfzv8_98KiHS9HTt6lUrYwXjOMBdoLwH4qqWJdAYA==",cdn-downstream-fbl;dur=927 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3033,15 +3033,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ad310b4d7c581c35032fa3fce068e53c.cloudfront.net (CloudFront) + - 1.1 8e52b0323db9e9f5baf300137747fffe.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - AENb14gqANqO5k2wA22TUlZZUMADudbdroP6ps8FxL7YQOYWhFHRJg== + - 2P3iZbqcJJy69dfzv8_98KiHS9HTt6lUrYwXjOMBdoLwH4qqWJdAYA== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD3-P2 X-Arequestid: - - 7ad1b875f74a01da9cd801ea3ac11f0e + - bade033a29f1012b72804950b4602390 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3065,17 +3065,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:55.619+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:54:41.357+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 92cb6b14-10f3-45b7-a3e2-aab9903db14c + - 03274dbc-ff44-4697-aa54-1e8585bd48fd Atl-Traceid: - - 92cb6b1410f345b7a3e2aab9903db14c + - 03274dbcff444697aa541e8585bd48fd Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3085,7 +3085,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:55 GMT + - Sun, 15 Jun 2025 08:54:41 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3095,7 +3095,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="ffSeDSWck2ZZMucvKLgHMQ4kpHd3wmOqEZsHeC1uQxdlEIMucjRoEA==",cdn-downstream-fbl;dur=386,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=383,atl-edge;dur=299,atl-edge-internal;dur=18,atl-edge-upstream;dur=282,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=338,atl-edge;dur=332,atl-edge-internal;dur=15,atl-edge-upstream;dur=317,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="iqVAOWtJBY9-SOs2uzNlE0-DTXe-BjKneYxjrT7_eKVJj00Kklm8iA==",cdn-downstream-fbl;dur=344 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3105,15 +3105,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 05df0d22c8cc3d4b946b6f2dc43d6b9c.cloudfront.net (CloudFront) + - 1.1 fd8b250e4ee7cd8e5de453d78708baee.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ffSeDSWck2ZZMucvKLgHMQ4kpHd3wmOqEZsHeC1uQxdlEIMucjRoEA== + - iqVAOWtJBY9-SOs2uzNlE0-DTXe-BjKneYxjrT7_eKVJj00Kklm8iA== X-Amz-Cf-Pop: - - ORD58-P1 + - SYD3-P1 X-Arequestid: - - 23f144fada6925e1e607e085e0691ad8 + - 8df2d1efe1522493caaf1360acc0c1a9 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3137,38 +3137,59 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18185 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18185","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18185","key":"NTEST-1845","fields":{"statuscategorychangedate":"2025-04-30T18:24:54.033+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1845/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:53.734+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t0f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:53.806+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Jira Api Test 2|http://localhost:8080/finding/252]\n\n*Defect Dojo link:* - http://localhost:8080/finding/252 (252)\n\n*Severity:* High\n\n\n*Due Date:* - May 30, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* - [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / 
[1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable - Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:54:29.018+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","de
scription":"Work + has been completed on this issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-06-15T10:54:28.984+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_32285_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:29.017+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
+ Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || + CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] + | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] + | Inactive, Verified, Mitigated |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] + | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* July + 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* - [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira - Api Test 
2","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0
.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1845/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18185/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 60eb77f8-91d5-4f5d-b705-da2aef1e0ef3 + - 2dc24bb4-c286-476b-b979-145db8d50d41 Atl-Traceid: - - 60eb77f891d54f5db705da2aef1e0ef3 + - 2dc24bb4c286476bb979145db8d50d41 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3178,7 +3199,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:56 GMT + - Sun, 15 Jun 2025 08:54:43 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
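Review bot: The re-recorded response body in this hunk commits the recording user's `emailAddress`, `accountId`, `displayName` and Gravatar hash (inside `avatarUrls`) for both `creator` and `reporter`, and the same account id is repeated in the `X-Aaccountid` response header in the hunks at -3105, -3198, -3276 and -3363. None of these values look necessary for replay, so every re-recording puts another maintainer's identity into the repository history. If the cassette is recorded with vcrpy (the `interactions:` layout suggests so), a `before_record_response` hook could replace those fields with fixed placeholders such as `"emailAddress":"redacted@example.invalid"` and drop `X-Aaccountid`, which would also keep future re-record diffs small. The recording configuration is outside this diff, so whether request-side credentials are already filtered cannot be confirmed from here.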
@@ -3188,7 +3209,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="OA7ittQ2kJt5j5vQU3Bz0dZI31o9W6F1RUxeX-fJMPRCYIesrN1Z2g==",cdn-downstream-fbl;dur=345,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=66,cdn-upstream-fbl;dur=342,atl-edge;dur=254,atl-edge-internal;dur=18,atl-edge-upstream;dur=236,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=962,atl-edge;dur=960,atl-edge-internal;dur=15,atl-edge-upstream;dur=945,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="C9lPviikLboeHMbvuhM8s4B4IGlSKXguHDakYjAbktL6hE_XrrT4WA==",cdn-downstream-fbl;dur=967 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3198,15 +3219,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e61f6cd3dfbf1a805c935627b416490e.cloudfront.net (CloudFront) + - 1.1 8e52b0323db9e9f5baf300137747fffe.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - OA7ittQ2kJt5j5vQU3Bz0dZI31o9W6F1RUxeX-fJMPRCYIesrN1Z2g== + - C9lPviikLboeHMbvuhM8s4B4IGlSKXguHDakYjAbktL6hE_XrrT4WA== X-Amz-Cf-Pop: - - ORD58-P1 + - SYD3-P2 X-Arequestid: - - 4814ec973eb63c00f12049257fa21001 + - 03fbb2788392a10cc03207e38bdb9f03 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -3230,7 +3251,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -3244,9 +3265,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 836c9fd3-c2a1-45a9-8b7a-6aa82407fbe4 + - dba13385-ae26-490b-922d-137089486a7b Atl-Traceid: - - 836c9fd3c2a145a98b7a6aa82407fbe4 + - dba13385ae26490b922d137089486a7b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3256,7 +3277,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:56 GMT + - Sun, 15 Jun 2025 08:54:45 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3266,7 +3287,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="fX76ZBW0L0J-WbuLo9lh3ckJe6M-GC1xzXzkPTdhSj4SgMat1Ypy3w==",cdn-downstream-fbl;dur=370,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=368,atl-edge;dur=281,atl-edge-internal;dur=16,atl-edge-upstream;dur=264,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=1067,atl-edge;dur=1065,atl-edge-internal;dur=17,atl-edge-upstream;dur=1048,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="jugifE7EvLDxOumPcfOJ-E7-7qvP6mCboUNb54XL5wt37OUQVGyY_Q==",cdn-downstream-fbl;dur=1072 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3276,18 +3297,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c973663b623c0e82cd366d5ae7837bf4.cloudfront.net (CloudFront) + - 1.1 adb4605fb7528573053aec50d6f562c8.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - fX76ZBW0L0J-WbuLo9lh3ckJe6M-GC1xzXzkPTdhSj4SgMat1Ypy3w== + - jugifE7EvLDxOumPcfOJ-E7-7qvP6mCboUNb54XL5wt37OUQVGyY_Q== X-Amz-Cf-Pop: - - ORD56-P1 + - SYD62-P1 X-Arequestid: - - 45721428a93acfa5454ed7caea4ca965 + - 2ed7e88614137b619d1b96db0a2158f6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3299,13 +3320,49 @@ interactions: message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, - "summary": "Jira Api Test 2", "description": "\n\n\n\n\n\n*Title*: [Jira Api - Test 2|http://localhost:8080/finding/252]\n\n*Defect Dojo link:* http://localhost:8080/finding/252 - (252)\n\n*Severity:* High\n\n\n*Due Date:* May 30, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* - [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable - Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
+ Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || + CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] + | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] + | Inactive, Verified, Mitigated |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] + | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 + | [Jira Api Test 2|http://localhost:8080/finding/238] | Active, Verified |\n| + High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] + | negotiator | 0.5.3 | [Regular Expression Denial of Service - (Negotiator, + <= 0.6.0)|http://localhost:8080/finding/232] | Inactive, Verified, Mitigated + |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Jira Api Test 2|http://localhost:8080/finding/238]\n*Defect + Dojo link:* http://localhost:8080/finding/238 (238)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n 
@@ -3323,21 +3380,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1414' + - '4586' Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18185 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 response: body: string: '' headers: Atl-Request-Id: - - 3ad6b3ac-84b0-450b-b229-2ed96991c13e + - 8841eb1e-7b1c-40c0-9b48-d3f4086a5951 Atl-Traceid: - - 3ad6b3ac84b0450bb2292ed96991c13e + - 8841eb1e7b1c40c09b48d3f4086a5951 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3345,7 +3402,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:57 GMT + - Sun, 15 Jun 2025 08:54:47 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3355,7 +3412,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=284,atl-edge;dur=251,atl-edge-internal;dur=15,atl-edge-upstream;dur=236,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="nUZuHf2RwgBpV0gtalL4AKv73PFKyz5LKQCxPx-j2D1394tk4CFRkw==",cdn-downstream-fbl;dur=288 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=1202,atl-edge;dur=1198,atl-edge-internal;dur=18,atl-edge-upstream;dur=1181,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="AB56kLVRIualwGKFQ2mmlRUwcANoaCeHr8wbK7SXLKvfh2Am4EnCbA==",cdn-downstream-fbl;dur=1209 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3363,15 +3420,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ad310b4d7c581c35032fa3fce068e53c.cloudfront.net (CloudFront) + - 1.1 eeaafdd5e22d1448912c6cf3e1e5bd58.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - nUZuHf2RwgBpV0gtalL4AKv73PFKyz5LKQCxPx-j2D1394tk4CFRkw== + - AB56kLVRIualwGKFQ2mmlRUwcANoaCeHr8wbK7SXLKvfh2Am4EnCbA== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD3-P1 X-Arequestid: - - 643e59d8e5baa5c30dadc6ae90556aa6 + - cfeafbaa5f981a57342125b2ce967134 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3395,38 +3452,73 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18185 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18185","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18185","key":"NTEST-1845","fields":{"statuscategorychangedate":"2025-04-30T18:24:54.033+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1845/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:53.734+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t0f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:53.806+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Jira Api Test 2|http://localhost:8080/finding/252]\n\n*Defect Dojo link:* - http://localhost:8080/finding/252 (252)\n\n*Severity:* High\n\n\n*Due Date:* - May 30, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* - [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / 
[1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable - Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:54:29.018+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","de
scription":"Work + has been completed on this issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-06-15T10:54:28.984+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_32285_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:47.081+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
+ Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || + CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] + | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] + | Inactive, Verified, Mitigated |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] + | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 + | [Jira Api Test 2|http://localhost:8080/finding/238] | Active, Verified |\n| + High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | + [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* July + 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Jira Api Test 2|http://localhost:8080/finding/238]\n*Defect + Dojo link:* http://localhost:8080/finding/238 (238)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* - [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira - Api Test 
2","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0
.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1845/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18185/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) 
()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 
625794a8-209f-46a9-9459-74fa1621ca3e + - 574bc729-35e5-4d55-8d7c-4959f97a00d7 Atl-Traceid: - - 625794a8209f46a9945974fa1621ca3e + - 574bc72935e54d558d7c4959f97a00d7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3436,7 +3528,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:57 GMT + - Sun, 15 Jun 2025 08:54:48 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3446,7 +3538,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=282,atl-edge;dur=250,atl-edge-internal;dur=15,atl-edge-upstream;dur=235,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="QeR11A_67tziANPnsYWzT_aoBNhfJy8zTyqDqJiQvb2Nzt9VnmuOsg==",cdn-downstream-fbl;dur=286 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=451,atl-edge;dur=448,atl-edge-internal;dur=16,atl-edge-upstream;dur=433,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="KjIJugDZUhzUbBO-8L1R54trmogtDrD4jG-YHKiNNTwmeOn_zcalBw==",cdn-downstream-fbl;dur=455 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3456,15 +3548,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 edb5724c2fa0963fde9c6c5089b747ce.cloudfront.net (CloudFront) + - 1.1 4bfeb1eae9544366893e37b97eee8e6e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - QeR11A_67tziANPnsYWzT_aoBNhfJy8zTyqDqJiQvb2Nzt9VnmuOsg== + - KjIJugDZUhzUbBO-8L1R54trmogtDrD4jG-YHKiNNTwmeOn_zcalBw== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD62-P1 X-Arequestid: - - 6adb17b378a7a3d4162093c7af336280 + - 93fed74e2f033334f7a48ae709533eac X-Cache: - Miss from cloudfront X-Content-Type-Options: 
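Review bot: The re-recorded response body for `GET /rest/api/2/issue/20032` stores the recording user's `emailAddress`, `accountId`, display name and gravatar hash in the `creator` and `reporter` objects, and the `X-Aaccountid` response header repeats the account id in this and the neighbouring hunks. Nothing visible in the cassette suggests the tests depend on those values, so they could be replaced at record time instead of being committed. If the cassettes are recorded with vcrpy, a `before_record_response` hook can rewrite the body fields to a fixed placeholder such as `"emailAddress":"jira-user@example.invalid"` and drop the `X-Aaccountid` header. The old recording carried the same fields for a different account, so the pattern predates this change, but each re-record publishes another contributor's identifiers.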
@@ -3474,6 +3566,76 @@ interactions: status: code: 200 message: OK +- request: + body: '{"transition": {"id": 11}, "fields": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '40' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/transitions + response: + body: + string: '' + headers: + Atl-Request-Id: + - 3e20c8cc-4d00-492d-8dfd-6b768ea576f8 + Atl-Traceid: + - 3e20c8cc4d00492d8dfd6b768ea576f8 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - text/html;charset=UTF-8 + Date: + - Sun, 15 Jun 2025 08:54:50 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=886,atl-edge;dur=879,atl-edge-internal;dur=19,atl-edge-upstream;dur=860,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="9-fK1GMrMVwALzAA4wSyzOKwGY_C0r-M6zLRXSofFKyYpu0QYZfpHQ==",cdn-downstream-fbl;dur=890 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + Via: + - 1.1 43b4a9a8792e30ac49642ef84dd35fc8.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 9-fK1GMrMVwALzAA4wSyzOKwGY_C0r-M6zLRXSofFKyYpu0QYZfpHQ== + X-Amz-Cf-Pop: + - SYD3-P1 + X-Arequestid: + - 7b18ec6fb9fca418e0487c85f9af52f7 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + 
- 1; mode=block + status: + code: 204 + message: No Content - request: body: null headers: @@ -3488,17 +3650,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:57.926+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:54:51.881+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 1f1938bd-62d2-44f5-b276-1b855d2bf6e5 + - 50e0239b-6093-4f98-a2f4-ed2f5be57b31 Atl-Traceid: - - 1f1938bd62d244f5b2761b855d2bf6e5 + - 50e0239b60934f98a2f4ed2f5be57b31 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3508,7 +3670,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:57 GMT + - Sun, 15 Jun 2025 08:54:52 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3518,7 +3680,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="y-1t_KaqNBwwkRls6xLn9kF9zjdoYLEFPwoKRQlPe7fFGOp5ksIkRg==",cdn-downstream-fbl;dur=284,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=282,atl-edge;dur=197,atl-edge-internal;dur=18,atl-edge-upstream;dur=180,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=330,atl-edge;dur=329,atl-edge-internal;dur=15,atl-edge-upstream;dur=314,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="0Gwu7XW1j_nuAFjrFD3XPlAOOC4SUqK7Xca8hc5VYpt_Szc9Uj4oyA==",cdn-downstream-fbl;dur=339 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3528,15 +3690,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9832e15ad117dafc81b031983cbde91e.cloudfront.net (CloudFront) + - 1.1 0cd8fe15d9bdb168de9cd5f22954d220.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - y-1t_KaqNBwwkRls6xLn9kF9zjdoYLEFPwoKRQlPe7fFGOp5ksIkRg== + - 0Gwu7XW1j_nuAFjrFD3XPlAOOC4SUqK7Xca8hc5VYpt_Szc9Uj4oyA== X-Amz-Cf-Pop: - - ORD56-P1 + - SYD62-P2 X-Arequestid: - - 7b98bd31c0b27c28a015da69714d96b4 + - 5a7b5b222fd69da622cc65e3e1c5286d X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -3560,7 +3722,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -3574,9 +3736,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 1ddf06e1-7e99-41bd-abd7-5543d563dc3c + - ebba9636-ca9f-445c-abcd-3c38234c3fa5 Atl-Traceid: - - 1ddf06e17e9941bdabd75543d563dc3c + - ebba9636ca9f445cabcd3c38234c3fa5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3586,7 +3748,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:58 GMT + - Sun, 15 Jun 2025 08:54:53 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3596,7 +3758,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=321,atl-edge;dur=289,atl-edge-internal;dur=16,atl-edge-upstream;dur=272,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="IZDbnpLzNnrhiuFGATqFlLqNEQbOZ1NEHHaY81taDEayw1MCE_xINQ==",cdn-downstream-fbl;dur=325 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=574,atl-edge;dur=572,atl-edge-internal;dur=17,atl-edge-upstream;dur=554,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="_zrbLCo9ByAcFzzdyT1sLs9QJ9dXB6YLNICnKL7DGT8P9LOs8LQr_A==",cdn-downstream-fbl;dur=578 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3606,18 +3768,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9fe7d47ea2a815113a41181f1d63f69e.cloudfront.net (CloudFront) + - 1.1 26131a3cde08b60652129237128292a2.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - IZDbnpLzNnrhiuFGATqFlLqNEQbOZ1NEHHaY81taDEayw1MCE_xINQ== + - _zrbLCo9ByAcFzzdyT1sLs9QJ9dXB6YLNICnKL7DGT8P9LOs8LQr_A== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD3-P2 X-Arequestid: - - c1f09741bd095dfde2c1d48b29c8a537 + - b9babe0235ff39eaa623f6864d3037de X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3631,29 +3793,30 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/2] in [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n|| - Severity || CVE || CWE || Component || Version || Title || Status ||\n| High - | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] - | pg | 5.1.0 | [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < - 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= - 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/163] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || + CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236] | Active, + Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | pg | 0.5.3 | [Jira - Api Test 
3|http://localhost:8080/finding/253] | Active, Verified |\n| High | + Api Test 3|http://localhost:8080/finding/239] | Active, Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < - 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/234] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]\n*Defect - Dojo link:* http://localhost:8080/finding/250 (250)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect + Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when 
@@ -3679,9 +3842,9 @@ interactions: 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/253]\n*Defect - Dojo link:* http://localhost:8080/finding/253 (253)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/239]\n*Defect + Dojo link:* http://localhost:8080/finding/239 (239)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3694,8 +3857,8 @@ interactions: < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/248]\n*Defect Dojo link:* http://localhost:8080/finding/248 - (248)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + < 7.1.2)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when @@ -3732,21 +3895,21 @@ interactions: Connection: - keep-alive Content-Length: - - '8032' + - '8038' Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18187","key":"NTEST-1846","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18187"}' + string: '{"id":"20034","key":"NTEST-3054","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20034"}' headers: Atl-Request-Id: - - 14ddf4a0-650c-4111-aa87-e5aac8c22e61 + - 3bfe994c-6c40-4122-af38-c8cf3c9ac7d7 Atl-Traceid: - - 14ddf4a0650c4111aa87e5aac8c22e61 + - 3bfe994c6c404122af38c8cf3c9ac7d7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3754,7 +3917,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:59 GMT + - Sun, 15 Jun 2025 08:54:55 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3764,7 +3927,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=764,atl-edge;dur=728,atl-edge-internal;dur=18,atl-edge-upstream;dur=711,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="Bn4QWLmky1JQ0oG7dVKFMkQPR_MOaE4Co8pa5MuNwMjnulaLm6Wi8w==",cdn-downstream-fbl;dur=771 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=968,atl-edge;dur=965,atl-edge-internal;dur=16,atl-edge-upstream;dur=949,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="x_UD9EwKoCia2PPqxAZjrHQrR_y14dY4ZoQklg5UHHkYBkZhZbHBfA==",cdn-downstream-fbl;dur=973 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3774,15 +3937,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 de5b26aba33b480d2b740b96a34fe916.cloudfront.net (CloudFront) + - 1.1 482a1ea4dd283bc043aa76fee74514f6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Bn4QWLmky1JQ0oG7dVKFMkQPR_MOaE4Co8pa5MuNwMjnulaLm6Wi8w== + - x_UD9EwKoCia2PPqxAZjrHQrR_y14dY4ZoQklg5UHHkYBkZhZbHBfA== X-Amz-Cf-Pop: - - DFW57-P1 + - SYD62-P1 X-Arequestid: - - 6cd7b0e4a12d466475b84ccf8f979981 + - 920a7598a5648ff39ced4ec8fbbff626 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
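Review bot: The re-recorded `X-Aaccountid` header in this hunk stores the recording user's Atlassian account id, and the same identity appears in the response bodies of the `@@ -3910,14 +4073,14 @@` and `@@ -4083,14 +4246,14 @@` hunks as `accountId`, `emailAddress`, `displayName` and a Gravatar hash inside the `creator` and `reporter` objects. The previous recording had the same fields for a different person, so each re-record commits another maintainer's identifiers to the repository. The file looks like a vcrpy cassette; if so, a `before_record_response` hook in the recorder setup (not visible in this diff) could replace those body fields and the `X-Aaccountid` header with fixed placeholders such as `user@example.invalid` before the cassette is written. vcrpy's `filter_headers` option only covers request headers, so it would not remove this one. Fixed placeholders would also shrink future re-record diffs, provided the tests do not assert on these values.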
@@ -3806,41 +3969,41 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1846 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3054 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18187","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18187","key":"NTEST-1846","fields":{"statuscategorychangedate":"2025-04-30T18:24:59.164+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20034","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20034","key":"NTEST-3054","fields":{"statuscategorychangedate":"2025-06-15T10:54:55.221+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1846/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:58.851+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t0n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:58.961+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3054/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:54:54.900+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i01173:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:55.021+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/2] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/163] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n|| Severity || CVE || + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250] | Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236] | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | pg | 0.5.3 | [Jira - Api Test 3|http://localhost:8080/finding/253] | Active, Verified |\n| High + Api Test 3|http://localhost:8080/finding/239] | Active, Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/234] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]\n*Defect - Dojo link:* http://localhost:8080/finding/250 (250)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect + Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs 
@@ -3866,9 +4029,9 @@ interactions: to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/253]\n*Defect - Dojo link:* http://localhost:8080/finding/253 (253)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/239]\n*Defect + Dojo link:* http://localhost:8080/finding/239 (239)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3881,9 +4044,9 @@ interactions: < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]\n*Defect Dojo link:* - http://localhost:8080/finding/248 (248)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + 7.1.0 < 7.1.2)|http://localhost:8080/finding/234]\n*Defect Dojo link:* + http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due Date:* July + 15, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs 
@@ -3910,14 +4073,14 @@ interactions: also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1846/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18187/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3054/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20034/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 00ceb5a6-31f6-438b-8e8d-376f07511345 + - 8ab96ee9-f06d-4d99-9759-cd553088ef4a Atl-Traceid: - - 00ceb5a631f6438b8e8d376f07511345 + - 8ab96ee9f06d4d999759cd553088ef4a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3927,7 +4090,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:59 GMT + - Sun, 15 Jun 2025 08:54:56 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3937,7 +4100,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="dgYrXD5MscdMhwx92WOEpXkzpj36b1cknwHqspbFnU0zB9pzNqPjxA==",cdn-downstream-fbl;dur=338,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=58,cdn-upstream-fbl;dur=336,atl-edge;dur=258,atl-edge-internal;dur=15,atl-edge-upstream;dur=244,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=508,atl-edge;dur=504,atl-edge-internal;dur=16,atl-edge-upstream;dur=488,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="jfQU4tsfsFKyODH8FhuCi-sz9qRIW-d7-ZXplfW_HUwlJazv-9zaew==",cdn-downstream-fbl;dur=512 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3947,15 +4110,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 dd3ca66f64c2ab5745848b5787ca747a.cloudfront.net (CloudFront) + - 1.1 8dadf490fcfee4214b49a3509dc76616.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - dgYrXD5MscdMhwx92WOEpXkzpj36b1cknwHqspbFnU0zB9pzNqPjxA== + - jfQU4tsfsFKyODH8FhuCi-sz9qRIW-d7-ZXplfW_HUwlJazv-9zaew== X-Amz-Cf-Pop: - - ORD56-P1 + - SYD62-P3 X-Arequestid: - - 35e16871de5a0d0caa75caf7eb3092c5 + - 242f0a0e765e584c2ab444e098e87973 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3979,41 +4142,41 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.3 + - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18187 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20034 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18187","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18187","key":"NTEST-1846","fields":{"statuscategorychangedate":"2025-04-30T18:24:59.164+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20034","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20034","key":"NTEST-3054","fields":{"statuscategorychangedate":"2025-06-15T10:54:55.221+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1846/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:58.851+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t0n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:58.961+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3054/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:54:54.900+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i01173:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:55.021+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/2] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/163] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n|| Severity || CVE || + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250] | Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236] | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | pg | 0.5.3 | [Jira - Api Test 3|http://localhost:8080/finding/253] | Active, Verified |\n| High + Api Test 3|http://localhost:8080/finding/239] | Active, Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/234] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]\n*Defect - Dojo link:* http://localhost:8080/finding/250 (250)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect + Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs 
@@ -4039,9 +4202,9 @@ interactions: to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/253]\n*Defect - Dojo link:* http://localhost:8080/finding/253 (253)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/239]\n*Defect + Dojo link:* http://localhost:8080/finding/239 (239)\n*Severity:* High\n *Due + Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4054,9 +4217,9 @@ interactions: < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]\n*Defect Dojo link:* - http://localhost:8080/finding/248 (248)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + 7.1.0 < 7.1.2)|http://localhost:8080/finding/234]\n*Defect Dojo link:* + http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due Date:* July + 15, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs 
@@ -4083,14 +4246,14 @@ interactions: also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1846/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18187/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3054/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20034/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 65be480c-d3aa-4b55-9a8f-a3209d78c39f + - 4ad56585-ac0b-4a12-b3b0-960cb66c5d50 Atl-Traceid: - - 65be480cd3aa4b559a8fa3209d78c39f + - 4ad56585ac0b4a12b3b0960cb66c5d50 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4100,7 +4263,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:00 GMT + - Sun, 15 Jun 2025 08:54:58 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
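Review bot: The re-recorded response body in this hunk commits a real user's `emailAddress`, `accountId` and gravatar hash under both `creator` and `reporter`, and the `X-Aaccountid` response header in the later header hunk repeats the account id. The previous recording carried the same fields for a different user, so the practice is not new, but a re-record is the natural point to scrub it. If these cassettes are produced with vcrpy (the `interactions:` layout suggests so), a `before_record_response` hook that rewrites those JSON fields and that header to fixed placeholders would keep personal identifiers out of the repository without affecting replay. The recording configuration is not visible in this diff, so whether any filtering is already in place cannot be confirmed from here.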
@@ -4110,7 +4273,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=324,atl-edge;dur=302,atl-edge-internal;dur=17,atl-edge-upstream;dur=286,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="u6Q3Kt6RjgQCiYLDyYJ0KYaDGhI_LTbJoIhh8DgOgxXBTfs5JexPEg==",cdn-downstream-fbl;dur=328 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=433,atl-edge;dur=427,atl-edge-internal;dur=16,atl-edge-upstream;dur=411,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="UlYHuwNqPW4NejUURPK2dwnz7qUrSAcxrVJACOk1x_0hbIfe_oaOJA==",cdn-downstream-fbl;dur=438 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4120,15 +4283,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3cab2977109e9e185607e6a3005951e0.cloudfront.net (CloudFront) + - 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - u6Q3Kt6RjgQCiYLDyYJ0KYaDGhI_LTbJoIhh8DgOgxXBTfs5JexPEg== + - UlYHuwNqPW4NejUURPK2dwnz7qUrSAcxrVJACOk1x_0hbIfe_oaOJA== X-Amz-Cf-Pop: - - ORD56-P1 + - SYD62-P1 X-Arequestid: - - 80de8f951872e4ca022cc4bcdfec0650 + - 3f88a36c7a7d25c445c46656cb554120 X-Cache: - Miss from cloudfront X-Content-Type-Options: