WS-2017-0206 Medium Severity Vulnerability detected by WhiteSource #52

mend-bolt-for-github · 2019-02-22T01:14:04Z

WS-2017-0206 - Medium Severity Vulnerability

Vulnerable Library - brace-expansion-1.1.6.tgz

Brace expansion as known from sh/bash

path: /tmp/git/jenkins-material-theme/node_modules/npm/node_modules/read-package-json/node_modules/glob/node_modules/minimatch/node_modules/brace-expansion/package.json

Library home page: https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.6.tgz

Dependency Hierarchy:

npm-3.10.10.tgz (Root Library)
- fstream-npm-1.2.0.tgz
  - fstream-ignore-1.0.5.tgz
    - minimatch-3.0.3.tgz
      - ❌ brace-expansion-1.1.6.tgz (Vulnerable Library)

Vulnerability Details

Brace-expansion is a module to support bash-like brace expansion in JavaScript.
For example,{1,2,3,4} would expand to 1 2 3 4. brace expansion versions before 1.1.7 are vulnerable to Regular Expression Denial of Service attacks.

Publish Date: 2017-04-25

URL: WS-2017-0206

CVSS 2 Score Details (6.2)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: juliangruber/brace-expansion@b133812

Release Date: 2017-04-07

Fix Resolution: Replace or update the following file: index.js

Step up your Open Source Security Game with WhiteSource here

The text was updated successfully, but these errors were encountered:

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Feb 22, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2017-0206 Medium Severity Vulnerability detected by WhiteSource #52

WS-2017-0206 Medium Severity Vulnerability detected by WhiteSource #52

mend-bolt-for-github bot commented Feb 22, 2019

WS-2017-0206 Medium Severity Vulnerability detected by WhiteSource #52

WS-2017-0206 Medium Severity Vulnerability detected by WhiteSource #52

Comments

mend-bolt-for-github bot commented Feb 22, 2019

WS-2017-0206 - Medium Severity Vulnerability