Skip to content

WS-2017-0236 (Medium) detected in growl-1.9.2.tgz - autoclosed #51

New issue
New issue
Closed
Closed
WS-2017-0236 (Medium) detected in growl-1.9.2.tgz - autoclosed#51
Labels
Mend: dependency security vulnerabilitySecurity vulnerability detected by WhiteSource
@mend-for-github-com

Description

@mend-for-github-com
mend-for-github-com
bot
opened on Jun 18, 2019

WS-2017-0236 - Medium Severity Vulnerability

Vulnerable Library - growl-1.9.2.tgz

Growl unobtrusive notifications

Library home page: https://registry.npmjs.org/growl/-/growl-1.9.2.tgz

Path to dependency file: /justapis-javascript-sdk/package.json

Path to vulnerable library: /tmp/git/justapis-javascript-sdk/node_modules/growl/package.json

Dependency Hierarchy:

  • mocha-2.5.3.tgz (Root Library)
    • growl-1.9.2.tgz (Vulnerable Library)

Found in HEAD commit: 3ca192403e92db3173fd513bbb67c49050b748e7

Vulnerability Details

Affected versions of the package are vulnerable to Arbitrary Code Injection.

Publish Date: 2017-05-01

URL: WS-2017-0236

CVSS 2 Score Details (5.6)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: tj/node-growl@d9f6ea2

Release Date: 2016-09-05

Fix Resolution: Replace or update the following files: package.json, growl.js

Step up your Open Source Security Game with WhiteSource here

Metadata

Metadata

Assignees

No one assigned

    Labels

    Mend: dependency security vulnerabilitySecurity vulnerability detected by WhiteSource

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions