WS-2019-0063 (High) detected in js-yaml-3.13.0.tgz #88

mend-bolt-for-github · 2019-06-06T16:54:12Z

WS-2019-0063 - High Severity Vulnerability

Vulnerable Library - js-yaml-3.13.0.tgz

YAML 1.2 parser and serializer

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.0.tgz

Path to dependency file: /TribeDashboard/functions/package.json

Path to vulnerable library: /tmp/git/TribeDashboard/functions/node_modules/js-yaml/package.json,/tmp/git/TribeDashboard/functions/node_modules/js-yaml/package.json

Dependency Hierarchy:

tslint-5.11.0.tgz (Root Library)
- ❌ js-yaml-3.13.0.tgz (Vulnerable Library)

Found in HEAD commit: 20a2054060185a247b3b2f912dc27995170ac2a9

Vulnerability Details

Js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.

Publish Date: 2019-04-30

URL: WS-2019-0063

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/813

Release Date: 2019-04-30

Fix Resolution: 3.13.1

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Jun 6, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2019-0063 (High) detected in js-yaml-3.13.0.tgz #88

WS-2019-0063 (High) detected in js-yaml-3.13.0.tgz #88

mend-bolt-for-github bot commented Jun 6, 2019

WS-2019-0063 (High) detected in js-yaml-3.13.0.tgz #88

WS-2019-0063 (High) detected in js-yaml-3.13.0.tgz #88

Comments

mend-bolt-for-github bot commented Jun 6, 2019

WS-2019-0063 - High Severity Vulnerability