You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
acorn is vulnerable to REGEX DoS. A regex of the form /[x-\ud800]/u causes the parser to enter an infinite loop. attackers may leverage the vulnerability leading to a Denial of Service since the string is not valid UTF16 and it results in it being sanitized before reaching the parser.
WS-2020-0042 - Medium Severity Vulnerability
acorn-2.7.0.tgz
ECMAScript parser
Library home page: https://registry.npmjs.org/acorn/-/acorn-2.7.0.tgz
Path to dependency file: /tmp/ws-scm/webpack-mpa-next/package.json
Path to vulnerable library: /tmp/ws-scm/webpack-mpa-next/node_modules/acorn-globals/node_modules/acorn/package.json
Dependency Hierarchy:
acorn-6.4.0.tgz
ECMAScript parser
Library home page: https://registry.npmjs.org/acorn/-/acorn-6.4.0.tgz
Path to dependency file: /tmp/ws-scm/webpack-mpa-next/package.json
Path to vulnerable library: /tmp/ws-scm/webpack-mpa-next/node_modules/eslint-config-react-native/node_modules/acorn/package.json
Dependency Hierarchy:
Found in HEAD commit: 20f2ee206546069f14a20babae1ee1dfe5b38aa0
acorn is vulnerable to REGEX DoS. A regex of the form /[x-\ud800]/u causes the parser to enter an infinite loop. attackers may leverage the vulnerability leading to a Denial of Service since the string is not valid UTF16 and it results in it being sanitized before reaching the parser.
Publish Date: 2020-03-08
URL: WS-2020-0042
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1488
Release Date: 2020-03-08
Fix Resolution: 7.1.1
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: