SpotiByeAds icon indicating copy to clipboard operation
SpotiByeAds copied to clipboard

Published 20 hours ago verified publisher icon daspartho

WS-2019-0425 (Medium) detected in mocha-2.5.3.min.js

Open mend-bolt-for-github[bot] opened this issue 4 years ago • 0 comments

WS-2019-0425 - Medium Severity Vulnerability

Vulnerable Library - mocha-2.5.3.min.js

simple, flexible, fun test framework

Library home page: https://cdnjs.cloudflare.com/ajax/libs/mocha/2.5.3/mocha.min.js

Path to dependency file: /node_modules/intersection-observer/intersection-observer-test.html

Path to vulnerable library: /node_modules/intersection-observer/intersection-observer-test.html

Dependency Hierarchy:

  • :x: mocha-2.5.3.min.js (Vulnerable Library)

Found in HEAD commit: 5ab87822afd91cf2c356b709e4d7762392cfc200

Found in base branch: master

Vulnerability Details

Mocha is vulnerable to ReDoS attack. If the stack trace in utils.js begins with a large error message, and full-trace is not enabled, utils.stackTraceFilter() will take exponential run time.

Publish Date: 2019-01-24

URL: WS-2019-0425

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low
For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2019-01-24

Fix Resolution: v6.0.0

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] avatar Jun 03 '21 20:06 mend-bolt-for-github[bot]