WS-2019-0032 Medium Severity Vulnerability detected by WhiteSource #11

mend-bolt-for-github · 2019-03-31T10:23:24Z

WS-2019-0032 - Medium Severity Vulnerability

Vulnerable Library - js-yaml-3.5.5.tgz

YAML 1.2 parser and serializer

path: /tmp/git/grafana-logzio-datasource/node_modules/js-yaml/package.json

Library home page: http://registry.npmjs.org/js-yaml/-/js-yaml-3.5.5.tgz

Dependency Hierarchy:

grunt-1.0.3.tgz (Root Library)
- ❌ js-yaml-3.5.5.tgz (Vulnerable Library)

Vulnerability Details

Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

Publish Date: 2019-03-26

URL: WS-2019-0032

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/788/versions

Release Date: 2019-03-26

Fix Resolution: 3.13.0

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Mar 31, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2019-0032 Medium Severity Vulnerability detected by WhiteSource #11

WS-2019-0032 Medium Severity Vulnerability detected by WhiteSource #11

mend-bolt-for-github bot commented Mar 31, 2019

WS-2019-0032 Medium Severity Vulnerability detected by WhiteSource #11

WS-2019-0032 Medium Severity Vulnerability detected by WhiteSource #11

Comments

mend-bolt-for-github bot commented Mar 31, 2019

WS-2019-0032 - Medium Severity Vulnerability