WS-2018-0590 (High) detected in diff-1.4.0.tgz #10

mend-bolt-for-github · 2020-06-30T14:59:02Z

WS-2018-0590 - High Severity Vulnerability

Vulnerable Library - diff-1.4.0.tgz

A javascript text diff implementation.

Library home page: https://registry.npmjs.org/diff/-/diff-1.4.0.tgz

Path to dependency file: oas-nodegen/package.json

Path to vulnerable library: oas-nodegen/node_modules/diff/package.json

Dependency Hierarchy:

mocha-2.5.3.tgz (Root Library)
- ❌ diff-1.4.0.tgz (Vulnerable Library)

Found in HEAD commit: 68d751bdae4e5002c9a62b3c3b3e2371120cff95

Found in base branch: master

Vulnerability Details

A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

Publish Date: 2018-03-05

URL: WS-2018-0590

CVSS 2 Score Details (7.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: kpdecker/jsdiff@2aec429

Release Date: 2019-06-11

Fix Resolution: 3.5.0

Step up your Open Source Security Game with WhiteSource here

The text was updated successfully, but these errors were encountered:

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Jun 30, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2018-0590 (High) detected in diff-1.4.0.tgz #10

WS-2018-0590 (High) detected in diff-1.4.0.tgz #10

mend-bolt-for-github bot commented Jun 30, 2020 •

edited

Loading

WS-2018-0590 (High) detected in diff-1.4.0.tgz #10

WS-2018-0590 (High) detected in diff-1.4.0.tgz #10

Comments

mend-bolt-for-github bot commented Jun 30, 2020 • edited Loading

WS-2018-0590 - High Severity Vulnerability

mend-bolt-for-github bot commented Jun 30, 2020 •

edited

Loading