SPA-asp.net-api-vuejs- icon indicating copy to clipboard operation
SPA-asp.net-api-vuejs- copied to clipboard

Published 20 hours ago verified publisher icon mubaidr

CVE-2017-16111 High Severity Vulnerability detected by WhiteSource

Open mend-bolt-for-github[bot] opened this issue 6 years ago • 0 comments

CVE-2017-16111 - High Severity Vulnerability

Vulnerable Library - content-3.0.0.tgz

HTTP Content-* headers parsing

path: /tmp/git/SPA-asp.net-api-vuejs-/MBO/node_modules/hapi/node_modules/subtext/node_modules/content/package.json

Library home page: http://registry.npmjs.org/content/-/content-3.0.0.tgz

Dependency Hierarchy:

  • prerender-spa-plugin-2.1.0.tgz (Root Library)
    • hapi-13.2.2.tgz
      • subtext-4.0.0.tgz
        • :x: content-3.0.0.tgz (Vulnerable Library)

Vulnerability Details

The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.

Publish Date: 2018-06-07

URL: CVE-2017-16111

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High
For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: https://github.com/hapijs/content/commit/3a8a6cbaf111955ec514019c2122cb278cc36a23

Release Date: 2017-09-12

Fix Resolution: Replace or update the following files: package.json, index.js

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github[bot] avatar Feb 11 '19 03:02 mend-bolt-for-github[bot]