CVE-2020-7753 (High) detected in trim-0.0.1.tgz #2246
Labels
Comments
|
👋 Thanks for reporting! |
|
Greetings! Sorry to say but this is a very old issue that is probably not getting as much attention as it deservers. We encourage you to check if this is still an issue in the latest release and if you find that this is still a problem, please feel free to open a new one. |
github-actions
bot
added
closing-soon
closed-for-staleness
and removed
closing-soon
labels
|
This old thread has been automatically locked. If you think you have found something related to this, please open a new issue by following the issue guide (https://github.com/AlexRogalskiy/java-patterns/blob/master/.github/ISSUE_TEMPLATE/bug_report.md), and link to this old issue if necessary. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
CVE-2020-7753 - High Severity Vulnerability
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/trim/package.json
Dependency Hierarchy:
Found in HEAD commit: 97491cd0439ddee333eafc630b938430a5a51b0f
Found in base branch: master
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: component/trim#8
Release Date: 2020-10-27
Fix Resolution (trim): 0.0.3
Direct dependency fix Resolution (alex): 10.0.0
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: