WS-2018-0588 (High) detected in querystringify-0.0.4.tgz - autoclosed

[mend-bolt-for-github]

WS-2018-0588 - High Severity Vulnerability

Vulnerable Library - querystringify-0.0.4.tgz

Querystringify - Small, simple but powerful query string parser.

Library home page: https://registry.npmjs.org/querystringify/-/querystringify-0.0.4.tgz

Path to dependency file: react-playground/node_modules/querystringify/package.json

Path to vulnerable library: react-playground/node_modules/querystringify/package.json

Dependency Hierarchy:

• react-scripts-0.9.5.tgz (Root Library)
  • react-dev-utils-0.5.2.tgz
    • sockjs-client-1.0.1.tgz
      • url-parse-1.1.8.tgz
        • ❌ querystringify-0.0.4.tgz (Vulnerable Library)

Found in HEAD commit: 1e308b7392b9b3b708488b10efeda90527d0aa12

Found in base branch: master

Vulnerability Details

A vulnerability was found in querystringify before 2.0.0. It's possible to override built-in properties of the resulting query string object if a malicious string is inserted in the query string.

Publish Date: 2018-04-19

URL: WS-2018-0588

CVSS 2 Score Details (7.6)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: unshiftio/querystringify@422eb4f

Release Date: 2019-06-04

Fix Resolution: 2.0.0

---

Step up your Open Source Security Game with WhiteSource here

[mend-bolt-for-github]

✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.