WS-2018-0209 Medium Severity Vulnerability detected by WhiteSource
mend-bolt-for-github opened this issue · 0 comments
mend-bolt-for-github commented
WS-2018-0209 - Medium Severity Vulnerability
Vulnerable Library - morgan-1.9.0.tgz
HTTP request logger middleware for node.js
path: /tmp/git/rn-readers-digest/node_modules/morgan/package.json
Library home page: https://registry.npmjs.org/morgan/-/morgan-1.9.0.tgz
Dependency Hierarchy:
- react-native-0.56.0.tgz (Root Library)
- ❌ morgan-1.9.0.tgz (Vulnerable Library)
Vulnerability Details
morgan before 1.9.1 is vulnerable to code injection when user input is allowed into the filter or combined with a prototype pollution attack.
Publish Date: 2018-11-25
URL: WS-2018-0209
CVSS 2 Score Details (6.8)
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here