WS-2019-0032 Medium Severity Vulnerability detected by WhiteSource #23

mend-bolt-for-github · 2019-03-27T14:39:25Z

WS-2019-0032 - Medium Severity Vulnerability

Vulnerable Library - js-yaml-3.7.0.tgz

YAML 1.2 parser and serializer

path: /tmp/git/react-material-webpack-boiler/node_modules/postcss-svgo/node_modules/js-yaml/package.json

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.7.0.tgz

Dependency Hierarchy:

css-loader-0.28.11.tgz (Root Library)
- cssnano-3.10.0.tgz
  - postcss-svgo-2.1.6.tgz
    - svgo-0.7.2.tgz
      - ❌ js-yaml-3.7.0.tgz (Vulnerable Library)

Found in HEAD commit: 33b3f5702d5db3b85059ac03c0021f5c6bb8c81d

Vulnerability Details

Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

Publish Date: 2019-03-26

URL: WS-2019-0032

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/788/versions

Release Date: 2019-03-26

Fix Resolution: 3.13.0

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Mar 27, 2019

pritam-patil closed this as completed Mar 27, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2019-0032 Medium Severity Vulnerability detected by WhiteSource #23

WS-2019-0032 Medium Severity Vulnerability detected by WhiteSource #23

mend-bolt-for-github bot commented Mar 27, 2019

WS-2019-0032 Medium Severity Vulnerability detected by WhiteSource #23

WS-2019-0032 Medium Severity Vulnerability detected by WhiteSource #23

Comments

mend-bolt-for-github bot commented Mar 27, 2019

WS-2019-0032 - Medium Severity Vulnerability