pi-nexus-autonomous-banking-network

web3-1.5.0.min.js: 1 vulnerabilities (highest severity is: 3.3)

Open mend-bolt-for-github[bot] opened this issue 1 year ago • 2 comments

Vulnerable Library - web3-1.5.0.min.js

Ethereum JavaScript API

Library home page: https://cdnjs.cloudflare.com/ajax/libs/web3/1.5.0/web3.min.js

Path to dependency file: /blockchain_integration/pi_network/apps/PiGenesis/app/public/index.html

Path to vulnerable library: /blockchain_integration/pi_network/apps/PiGenesis/app/public/index.html

Found in HEAD commit: 011e5f9d5ce310049a1a68c19f7df65be4f88caf

Vulnerabilities

| Vulnerability | Severity | CVSS | Dependency | Type | Fixed in (web3 version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| WS-2019-0075 | Low | 3.3 | web3-1.5.0.min.js | Direct | web3 - 1.5.3-rc.0 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

WS-2019-0075

Dependency Hierarchy:

  • :x: web3-1.5.0.min.js (Vulnerable Library)

Found in base branch: main

Vulnerability Details

All versions of web3 are vulnerable to Insecure Credential Storage

Publish Date: 2019-05-15

URL: WS-2019-0075

CVSS 3 Score Details (3.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/WS-2019-0075

Release Date: 2019-05-15

Fix Resolution: web3 - 1.5.3-rc.0

Stale issue message

github-actions[bot], Aug 14 '24 15:08

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

Stale issue message

github-actions[bot], Jul 15 '25 15:07

Stale issue message

github-actions[bot], Sep 18 '25 15:09