WS-2018-0590 (High) detected in diff-3.2.0.tgz #6

mend-bolt-for-github · 2019-09-11T00:56:26Z

WS-2018-0590 - High Severity Vulnerability

Vulnerable Library - diff-3.2.0.tgz

A javascript text diff implementation.

Library home page: https://registry.npmjs.org/diff/-/diff-3.2.0.tgz

Path to dependency file: /tmp/ws-scm/Website/package.json

Path to vulnerable library: /Website/node_modules/diff/package.json

Dependency Hierarchy:

❌ diff-3.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 192315db4ed122ba7d7919df34e543ab6e35646b

Vulnerability Details

A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

Publish Date: 2019-06-11

URL: WS-2018-0590

CVSS 2 Score Details (7.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: kpdecker/jsdiff@2aec429

Release Date: 2019-06-11

Fix Resolution: 3.5.0

Step up your Open Source Security Game with WhiteSource here

The text was updated successfully, but these errors were encountered:

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Sep 11, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2018-0590 (High) detected in diff-3.2.0.tgz #6

WS-2018-0590 (High) detected in diff-3.2.0.tgz #6

mend-bolt-for-github bot commented Sep 11, 2019

WS-2018-0590 (High) detected in diff-3.2.0.tgz #6

WS-2018-0590 (High) detected in diff-3.2.0.tgz #6

Comments

mend-bolt-for-github bot commented Sep 11, 2019

WS-2018-0590 - High Severity Vulnerability