WS-2018-0232 (Medium) detected in multiple libraries - autoclosed

## WS-2018-0232 - Medium Severity Vulnerability
<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20> Vulnerable Libraries - underscore.string-2.3.3.tgz, underscore.string-2.4.0.tgz, underscore.string-2.2.1.tgz</summary>


<details><summary>underscore.string-2.3.3.tgz</summary>

String manipulation extensions for Underscore.js javascript library.
Library home page: <a href="https://registry.npmjs.org/underscore.string/-/underscore.string-2.3.3.tgz">https://registry.npmjs.org/underscore.string/-/underscore.string-2.3.3.tgz</a>
Path to dependency file: /justapis-javascript-sdk/package.json
Path to vulnerable library: justapis-javascript-sdk/node_modules/grunt-legacy-log-utils/node_modules/underscore.string/package.json


Dependency Hierarchy:
 - grunt-0.4.5.tgz (Root Library)
 - grunt-legacy-log-0.1.3.tgz
 - :x: **underscore.string-2.3.3.tgz** (Vulnerable Library)
</details>
<details><summary>underscore.string-2.4.0.tgz</summary>

String manipulation extensions for Underscore.js javascript library.
Library home page: <a href="https://registry.npmjs.org/underscore.string/-/underscore.string-2.4.0.tgz">https://registry.npmjs.org/underscore.string/-/underscore.string-2.4.0.tgz</a>
Path to dependency file: /justapis-javascript-sdk/package.json
Path to vulnerable library: justapis-javascript-sdk/node_modules/argparse/node_modules/underscore.string/package.json


Dependency Hierarchy:
 - grunt-0.4.5.tgz (Root Library)
 - js-yaml-2.0.5.tgz
 - argparse-0.1.16.tgz
 - :x: **underscore.string-2.4.0.tgz** (Vulnerable Library)
</details>
<details><summary>underscore.string-2.2.1.tgz</summary>

String manipulation extensions for Underscore.js javascript library.
Library home page: <a href="https://registry.npmjs.org/underscore.string/-/underscore.string-2.2.1.tgz">https://registry.npmjs.org/underscore.string/-/underscore.string-2.2.1.tgz</a>
Path to dependency file: /justapis-javascript-sdk/package.json
Path to vulnerable library: justapis-javascript-sdk/node_modules/underscore.string/package.json


Dependency Hierarchy:
 - grunt-0.4.5.tgz (Root Library)
 - :x: **underscore.string-2.2.1.tgz** (Vulnerable Library)
</details>


</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png' width=19 height=20> Vulnerability Details</summary>
 
 
Underscore.string, before 3.3.5, is vulnerable to Regular Expression Denial of Service (ReDoS).

Publish Date: 2018-10-03
URL: <a href=https://github.com/epeli/underscore.string/commit/f486cd684c94c12db48b45d52b1472a1b9661029>WS-2018-0232</a>

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20> CVSS 2 Score Details (5.0)</summary>


Base Score Metrics not available


</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/suggested_fix.png' width=19 height=20> Suggested Fix</summary>


Type: Upgrade version
Origin: <a href="https://www.npmjs.com/advisories/745">https://www.npmjs.com/advisories/745</a>
Release Date: 2018-12-30
Fix Resolution: 3.3.5


</details>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

WS-2018-0232 (Medium) detected in multiple libraries - autoclosed #81

WS-2018-0232 - Medium Severity Vulnerability

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

WS-2018-0232 (Medium) detected in multiple libraries - autoclosed #81

Description

WS-2018-0232 - Medium Severity Vulnerability

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions