Description
WS-2018-0588 - High Severity Vulnerability
Vulnerable Libraries - querystringify-1.0.0.tgz, querystringify-0.0.4.tgz
querystringify-1.0.0.tgz
Querystringify - Small, simple but powerful query string parser.
Library home page: https://registry.npmjs.org/querystringify/-/querystringify-1.0.0.tgz
Path to dependency file: vuenut/package.json
Path to vulnerable library: vuenut/node_modules/url-parse/node_modules/querystringify/package.json
Dependency Hierarchy:
- cli-service-3.0.0-beta.6.tgz (Root Library)
- webpack-dev-server-2.11.2.tgz
- sockjs-client-1.1.4.tgz
- url-parse-1.3.0.tgz
- ❌ querystringify-1.0.0.tgz (Vulnerable Library)
- url-parse-1.3.0.tgz
- sockjs-client-1.1.4.tgz
- webpack-dev-server-2.11.2.tgz
querystringify-0.0.4.tgz
Querystringify - Small, simple but powerful query string parser.
Library home page: https://registry.npmjs.org/querystringify/-/querystringify-0.0.4.tgz
Path to dependency file: vuenut/package.json
Path to vulnerable library: vuenut/node_modules/querystringify/package.json
Dependency Hierarchy:
- cli-service-3.0.0-beta.6.tgz (Root Library)
- webpack-dev-server-2.11.2.tgz
- sockjs-client-1.1.4.tgz
- eventsource-0.1.6.tgz
- original-1.0.0.tgz
- url-parse-1.0.5.tgz
- ❌ querystringify-0.0.4.tgz (Vulnerable Library)
- url-parse-1.0.5.tgz
- original-1.0.0.tgz
- eventsource-0.1.6.tgz
- sockjs-client-1.1.4.tgz
- webpack-dev-server-2.11.2.tgz
Found in HEAD commit: 8ef0c5a1523ba08434c5a1320f09f557f566724a
Found in base branch: master
Vulnerability Details
A vulnerability was found in querystringify before 2.0.0. It's possible to override built-in properties of the resulting query string object if a malicious string is inserted in the query string.
Publish Date: 2018-04-19
URL: WS-2018-0588
CVSS 2 Score Details (7.6)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: unshiftio/querystringify@422eb4f
Release Date: 2019-06-04
Fix Resolution: 2.0.0
Step up your Open Source Security Game with WhiteSource here