CVE-2013-7370 Medium Severity Vulnerability detected by WhiteSource

Question

CVE-2013-7370 Medium Severity Vulnerability detected by WhiteSource

Opened this issue 6 years ago · 0 comments

mend-bolt-for-github commented 6 years ago

CVE-2013-7370 - Medium Severity Vulnerability

Vulnerable Library - connect-1.9.2.tgz

High performance middleware framework

path: /RA9.github.io/bower_components/what-input/node_modules/express/node_modules/connect/package.json

Library home page: http://registry.npmjs.org/connect/-/connect-1.9.2.tgz

Dependency Hierarchy:

❌ connect-1.9.2.tgz (Vulnerable Library)

Vulnerability Details

Connect is a stack of middleware that is executed in order in each request.
The "methodOverride" middleware allows the http post to override the method of the request with the value of the "_method" post key or with the header "x-http-method-override".

Publish Date: 2013-07-01

URL: CVE-2013-7370

CVSS 2 Score Details (6.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting

Release Date: 2013-07-01

Fix Resolution: Update to the newest version of Connect or disable methodOverride. It is not possible to avoid the vulnerability if you have enabled this middleware in the top of your stack.

Step up your Open Source Security Game with WhiteSource here