WS-2017-0236 (Medium) detected in growl-1.9.2.tgz - autoclosed #25
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
|
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory. |
mend-bolt-for-github
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2017-0236 - Medium Severity Vulnerability
Growl unobtrusive notifications
Library home page: https://registry.npmjs.org/growl/-/growl-1.9.2.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /tmp/git/conception-website/node_modules/growl/package.json
Dependency Hierarchy:
Found in HEAD commit: aafabe1f890f6614128b3e3a46fcacc878d945e9
Affected versions of the package are vulnerable to Arbitrary Code Injection.
Publish Date: 2017-05-01
URL: WS-2017-0236
Base Score Metrics not available
Type: Change files
Origin: tj/node-growl@d9f6ea2
Release Date: 2016-09-05
Fix Resolution: Replace or update the following files: package.json, growl.js
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: