WS-2019-0100 (Medium) detected in fstream-1.0.11.tgz #33

mend-bolt-for-github · 2019-05-29T15:51:13Z

WS-2019-0100 - Medium Severity Vulnerability

Vulnerable Library - fstream-1.0.11.tgz

Advanced file system stream things

Path to dependency file: /tyhal.com/package.json

Path to vulnerable library: /tmp/git/tyhal.com/node_modules/npm/node_modules/fstream/package.json

Dependency Hierarchy:

node-sass-chokidar-1.3.4.tgz (Root Library)
- node-sass-4.11.0.tgz
  - node-gyp-3.8.0.tgz
    - ❌ fstream-1.0.11.tgz (Vulnerable Library)

Vulnerability Details

Versions of fstream prior to 1.0.12 are vulnerable to Arbitrary File Overwrite.

Publish Date: 2019-05-23

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Release Date: 2019-05-23

Fix Resolution: 1.0.12

Step up your Open Source Security Game with WhiteSource here

tyhal · 2019-07-14T06:10:39Z

Chokidar updated

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label May 29, 2019

tyhal closed this as completed Jul 14, 2019