WS-2018-0096 High Severity Vulnerability detected by WhiteSource #12

mend-bolt-for-github · 2018-12-07T12:44:15Z

WS-2018-0096 - High Severity Vulnerability

Vulnerable Library - base64url-2.0.0.tgz

For encoding to/from base64urls

path: /tmp/git/listo-firebase/firebase/functions/node_modules/firebase-admin/node_modules/base64url/package.json

Library home page: https://registry.npmjs.org/base64url/-/base64url-2.0.0.tgz

Dependency Hierarchy:

actions-on-google-1.9.0.tgz (Root Library)
- google-auth-library-1.3.1.tgz
  - jws-3.1.4.tgz
    - ❌ base64url-2.0.0.tgz (Vulnerable Library)

Vulnerability Details

Versions of base64url before 3.0.0 are vulnerable to to out-of-bounds reads as it allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below.

Publish Date: 2018-05-16

URL: WS-2018-0096

CVSS 2 Score Details (7.1)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Dec 7, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2018-0096 High Severity Vulnerability detected by WhiteSource #12

WS-2018-0096 High Severity Vulnerability detected by WhiteSource #12

mend-bolt-for-github bot commented Dec 7, 2018

WS-2018-0096 High Severity Vulnerability detected by WhiteSource #12

WS-2018-0096 High Severity Vulnerability detected by WhiteSource #12

Comments

mend-bolt-for-github bot commented Dec 7, 2018

WS-2018-0096 - High Severity Vulnerability