Skip to content

WS-2018-0588 (High) detected in querystringify-1.0.0.tgz #122

New issue
New issue
Closed
Closed
WS-2018-0588 (High) detected in querystringify-1.0.0.tgz#122
Labels
Mend: dependency security vulnerabilitySecurity vulnerability detected by WhiteSource
@mend-bolt-for-github

Description

@mend-bolt-for-github
mend-bolt-for-github
opened on Jun 5, 2019

WS-2018-0588 - High Severity Vulnerability

Vulnerable Library - querystringify-1.0.0.tgz

Querystringify - Small, simple but powerful query string parser.

Library home page: https://registry.npmjs.org/querystringify/-/querystringify-1.0.0.tgz

Path to dependency file: /apexo/package.json

Path to vulnerable library: /tmp/git/apexo/node_modules/querystringify/package.json

Dependency Hierarchy:

  • pouchdb-authentication-1.1.3.tgz (Root Library)
    • url-parse-1.2.0.tgz
      • querystringify-1.0.0.tgz (Vulnerable Library)

Found in HEAD commit: 3e1f1a630b2e4cf085971585dd7b40cd55fca73c

Vulnerability Details

A vulnerability was found in querystringify before 2.0.0. It's possible to override built-in properties of the resulting query string object if a malicious string is inserted in the query string.

Publish Date: 2019-06-04

URL: WS-2018-0588

CVSS 2 Score Details (7.6)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: unshiftio/querystringify@422eb4f

Release Date: 2019-06-04

Fix Resolution: 2.0.0

Step up your Open Source Security Game with WhiteSource here

Metadata

Metadata

Assignees

No one assigned

    Labels

    Mend: dependency security vulnerabilitySecurity vulnerability detected by WhiteSource

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions