Description
WS-2018-0347 - Medium Severity Vulnerability
Vulnerable Library - eslint-3.19.0.tgz
An AST-based pattern checker for JavaScript.
Library home page: https://registry.npmjs.org/eslint/-/eslint-3.19.0.tgz
Path to dependency file: cloud-pipeline/data-sharing-service/client/package.json
Path to vulnerable library: cloud-pipeline/data-sharing-service/client/node_modules/eslint/package.json
Dependency Hierarchy:
- ❌ eslint-3.19.0.tgz (Vulnerable Library)
Found in HEAD commit: 1db3170e0bd699acd5fec6e3fcebfa68fe86edcf
Found in base branch: develop
Vulnerability Details
A vulnerability was discovered in eslint before 4.18.2. One of the regexes in eslint is vulnerable to catastrophic backtracking.
Publish Date: 2018-02-27
URL: WS-2018-0347
CVSS 3 Score Details (4.0)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: High
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: eslint/eslint#10002
Release Date: 2019-06-16
Fix Resolution: 4.18.2
⛑️ Automatic Remediation is available for this issue