WS-2017-0247 Low Severity Vulnerability detected by WhiteSource #8

mend-bolt-for-github · 2019-03-05T19:17:59Z

WS-2017-0247 - Low Severity Vulnerability

Vulnerable Libraries - ms-0.7.2.tgz, ms-0.7.1.tgz

ms-0.7.2.tgz

Tiny milisecond conversion utility

path: /tmp/git/vulnerable-web-application/node_modules/ms/package.json

Dependency Hierarchy:

body-parser-1.16.1.tgz (Root Library)
- debug-2.6.1.tgz
  - ❌ ms-0.7.2.tgz (Vulnerable Library)

ms-0.7.1.tgz

Tiny ms conversion utility

path: /tmp/git/vulnerable-web-application/node_modules/express/node_modules/ms/package.json

Dependency Hierarchy:

express-4.13.2.tgz (Root Library)
- debug-2.2.0.tgz
  - ❌ ms-0.7.1.tgz (Vulnerable Library)

Vulnerability Details

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).

Publish Date: 2017-05-15

CVSS 2 Score Details (3.4)

Base Score Metrics not available

Suggested Fix

Type: Change files

Release Date: 2017-04-12

Fix Resolution: Replace or update the following file: index.js

Step up your Open Source Security Game with WhiteSource here

The text was updated successfully, but these errors were encountered:

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Mar 5, 2019