SPA-asp.net-api-vuejs- icon indicating copy to clipboard operation
SPA-asp.net-api-vuejs- copied to clipboard

Published 20 hours ago verified publisher icon mubaidr

WS-2018-0069 Low Severity Vulnerability detected by WhiteSource

Open mend-bolt-for-github[bot] opened this issue 5 years ago • 0 comments

WS-2018-0069 - Low Severity Vulnerability

Vulnerable Library - is-my-json-valid-2.16.1.tgz

A JSONSchema validator that uses code generation to be extremely fast

path: /tmp/git/SPA-asp.net-api-vuejs-/MBO/node_modules/is-my-json-valid/package.json

Library home page: https://registry.npmjs.org/is-my-json-valid/-/is-my-json-valid-2.16.1.tgz

Dependency Hierarchy:

  • prerender-spa-plugin-2.1.0.tgz (Root Library)
    • phantomjs-prebuilt-2.1.8.tgz
      • request-2.74.0.tgz
        • har-validator-2.0.6.tgz
          • :x: is-my-json-valid-2.16.1.tgz (Vulnerable Library)

Vulnerability Details

Version of is-my-json-valid before 1.4.1 or 2.17.2 are vulnerable to regular expression denial of service (ReDoS) via the email validation function.

Publish Date: 2018-04-21

URL: WS-2018-0069

CVSS 2 Score Details (3.7)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github[bot] avatar Feb 11 '19 03:02 mend-bolt-for-github[bot]