WS-2018-0232 (Medium) detected in underscore.string-3.2.3.tgz #65
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
security vulnerability
|
The vulnerability was fixed in this PR https://github.com/loggly/loggly-jslogger/pull/80/files |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2018-0232 - Medium Severity Vulnerability
String manipulation extensions for Underscore.js javascript library.
Library home page: https://registry.npmjs.org/underscore.string/-/underscore.string-3.2.3.tgz
Path to dependency file: loggly-jslogger/package.json
Path to vulnerable library: loggly-jslogger/node_modules/underscore.string/package.json
Dependency Hierarchy:
Found in HEAD commit: 3247b5841e5a8923baf2e98a1914570b38eadd97
Found in base branch: master
Underscore.string, before 3.3.5, is vulnerable to Regular Expression Denial of Service (ReDoS).
Publish Date: 2018-10-03
URL: WS-2018-0232
Base Score Metrics not available
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/745
Release Date: 2018-12-30
Fix Resolution: 3.3.5
The text was updated successfully, but these errors were encountered: