WS-2017-0266 Medium Severity Vulnerability detected by WhiteSource #62
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2017-0266 - Medium Severity Vulnerability
Reference implementation of Joyent's HTTP Signature scheme.
path: /tmp/git/jenkins-material-theme/node_modules/grunt-image-embed/node_modules/http-signature/package.json
Library home page: http://registry.npmjs.org/http-signature/-/http-signature-0.10.1.tgz
Dependency Hierarchy:
Affected versions (before 1.0.0) of the http-signature package are vulnerable to Timing Attacks.
Publish Date: 2017-06-28
URL: WS-2017-0266
Base Score Metrics not available
Type: Change files
Origin: TritonDataCenter/node-http-signature@78ab1da
Release Date: 2015-09-21
Fix Resolution: Replace or update the following file: verify.js
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: