WS-2019-0034 Medium Severity Vulnerability detected by WhiteSource

Question

WS-2019-0034 Medium Severity Vulnerability detected by WhiteSource

mend-bolt-for-github opened this issue 6 years ago · 0 comments

mend-bolt-for-github commented 6 years ago

WS-2019-0034 - Medium Severity Vulnerability

Vulnerable Library - js-yaml-3.12.1.tgz

YAML 1.2 parser and serializer

path: /tmp/git/ever-cli/node_modules/js-yaml/package.json

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.1.tgz

Dependency Hierarchy:

codecov-3.2.0.tgz (Root Library)
- ❌ js-yaml-3.12.1.tgz (Vulnerable Library)

Found in HEAD commit: 03200c684d10ac8d6fc1680ba593da98badd57ae

Vulnerability Details

Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

Publish Date: 2019-03-31

URL: WS-2019-0034

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/788

Release Date: 2019-03-31

Fix Resolution: 3.13.0

Step up your Open Source Security Game with WhiteSource here