This repository has been archived by the owner on May 4, 2020. It is now read-only.
WS-2019-0381 (Medium) detected in kind-of-6.0.2.tgz #21
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
WS-2019-0381 - Medium Severity Vulnerability
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz
Path to dependency file: /tmp/ws-scm/Banks_List_Demo/package.json
Path to vulnerable library: /tmp/ws-scm/Banks_List_Demo/node_modules/kind-of/package.json
Dependency Hierarchy:
Found in HEAD commit: 938b25a77bb1a748974209e1799e91b109c8a966
Versions of kind-of 6.x prior to 6.0.3 are vulnerable to a Validation Bypass. A maliciously crafted object can alter the result of the type check, allowing attackers to bypass the type checking validation.
Publish Date: 2020-03-18
URL: WS-2019-0381
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: jonschlinkert/kind-of@975c13a
Release Date: 2020-03-18
Fix Resolution: kind-of - 6.0.3
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: