scriptex/rollup-mpa

CVE-2020-7753 (High) detected in trim-0.0.1.tgz

Closed this issue · 0 comments

mend-bolt-for-github commented

CVE-2020-7753 - High Severity Vulnerability

Vulnerable Library - trim-0.0.1.tgz

Trim string whitespace

Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz

Path to dependency file: rollup-mpa/package.json

Path to vulnerable library: rollup-mpa/node_modules/trim/package.json

Dependency Hierarchy:

  • stylelint-13.7.2.tgz (Root Library)
    • postcss-markdown-0.36.1.tgz
      • remark-12.0.1.tgz
        • remark-parse-8.0.3.tgz
          • trim-0.0.1.tgz (Vulnerable Library)

Found in HEAD commit: a67636263cb28228babaa25b84188a5f838c4d2f

Vulnerability Details

All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().

Publish Date: 2020-10-27

URL: CVE-2020-7753

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here