ever-co/ever-demand-docs

WS-2019-0032 Medium Severity Vulnerability detected by WhiteSource

mend-bolt-for-github opened this issue · 0 comments

mend-bolt-for-github commented

WS-2019-0032 - Medium Severity Vulnerability

Vulnerable Library - js-yaml-3.7.0.tgz

YAML 1.2 parser and serializer

path: /tmp/git/ever-docs/website/node_modules/js-yaml/package.json

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.7.0.tgz

Dependency Hierarchy:

  • docusaurus-1.8.0.tgz (Root Library)
    • cssnano-3.10.0.tgz
      • postcss-svgo-2.1.6.tgz
        • svgo-0.7.2.tgz
          • js-yaml-3.7.0.tgz (Vulnerable Library)

Found in HEAD commit: 36f2d051a20d62b0f87556d295336224be0a4924

Vulnerability Details

Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

Publish Date: 2019-03-26

URL: WS-2019-0032

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/788/versions

Release Date: 2019-03-26

Fix Resolution: 3.13.0

Step up your Open Source Security Game with WhiteSource here