WS-2019-0058 (Medium) detected in webpack-bundle-analyzerv3.1.0 - autoclosed #10
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
mend-bolt-for-github
bot
changed the title
|
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2019-0058 - Medium Severity Vulnerability
Webpack plugin and CLI utility that represents bundle content as convenient interactive zoomable treemap
Library home page: https://github.com/webpack-contrib/webpack-bundle-analyzer.git
Found in HEAD commit: 545e4427bda2a453dbb07c833518fdcc261cc1d5
Found in base branch: main
Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify() without properly escaping input which may lead to Cross-Site Scripting.
Publish Date: 2019-04-11
URL: WS-2019-0058
Base Score Metrics not available
Type: Upgrade version
Origin: webpack-contrib/webpack-bundle-analyzer#263
Release Date: 2019-04-23
Fix Resolution: 3.3.2
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: