WS-2018-0592 (Medium) detected in eslint-3.19.0.tgz
mend-bolt-for-github opened this issue · 0 comments
WS-2018-0592 - Medium Severity Vulnerability
Vulnerable Library - eslint-3.19.0.tgz
An AST-based pattern checker for JavaScript.
Library home page: https://registry.npmjs.org/eslint/-/eslint-3.19.0.tgz
Path to dependency file: /react-ssr-advanced-seed/package.json
Path to vulnerable library: /tmp/git/react-ssr-advanced-seed/node_modules/eslint-plugin-class-property/node_modules/eslint/package.json
Dependency Hierarchy:
- eslint-plugin-class-property-1.1.0.tgz (Root Library)
- ❌ eslint-3.19.0.tgz (Vulnerable Library)
Found in HEAD commit: f84fff9000b9c5c18d042e438192f1d4e10126c3
Vulnerability Details
A vulnerability was discovered in eslint before 4.18.2. One of the regexes in eslint is vulnerable to catastrophic backtracking.
Publish Date: 2019-06-17
URL: WS-2018-0592
Suggested Fix
Type: Upgrade version
Origin: eslint/eslint#10002
Release Date: 2019-06-16
Fix Resolution: 4.18.2