WS-2018-0215 (Medium) detected in cached-path-relative-1.0.1.tgz #101
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2018-0215 - Medium Severity Vulnerability
Memoize the results of the path.relative function
Library home page: https://registry.npmjs.org/cached-path-relative/-/cached-path-relative-1.0.1.tgz
Path to dependency file: /spa-deploy/package.json
Path to vulnerable library: /tmp/git/spa-deploy/node_modules/cached-path-relative/package.json
Dependency Hierarchy:
Found in HEAD commit: 0bb85093b8f677bcf34edb77e84b6e9685a9c040
Version of cached-path-relative before 1.0.2 are vulnerable to prototype pollution.
Publish Date: 2018-12-06
URL: WS-2018-0215
Base Score Metrics not available
Type: Upgrade version
Origin: ashaffer/cached-path-relative@a43cffe
Release Date: 2018-12-06
Fix Resolution: 1.0.2
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: