You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to dependency file: import-moltin-to-algolia/package.json
Path to vulnerable library: import-moltin-to-algolia/node_modules/jest-runtime/node_modules/yargs-parser/package.json,import-moltin-to-algolia/node_modules/jest/node_modules/yargs-parser/package.json
mend-bolt-for-githubbot
changed the title
CVE-2020-7608 (High) detected in multiple libraries
CVE-2020-7608 (Medium) detected in multiple libraries
Oct 29, 2020
mend-bolt-for-githubbot
changed the title
CVE-2020-7608 (Medium) detected in multiple libraries
CVE-2020-7608 (Medium) detected in yargs-parser-10.1.0.tgz, yargs-parser-11.1.1.tgz
Oct 29, 2020
mend-bolt-for-githubbot
changed the title
CVE-2020-7608 (Medium) detected in yargs-parser-10.1.0.tgz, yargs-parser-11.1.1.tgz
CVE-2020-7608 (Medium) detected in yargs-parser-9.0.2.tgz, yargs-parser-13.1.0.tgz
Oct 29, 2020
mend-bolt-for-githubbot
changed the title
CVE-2020-7608 (Medium) detected in yargs-parser-9.0.2.tgz, yargs-parser-13.1.0.tgz
CVE-2020-7608 (Medium) detected in multiple libraries
Nov 28, 2020
mend-bolt-for-githubbot
changed the title
CVE-2020-7608 (Medium) detected in multiple libraries
CVE-2020-7608 (Medium) detected in yargs-parser-10.1.0.tgz, yargs-parser-11.1.1.tgz
Nov 28, 2020
mend-bolt-for-githubbot
changed the title
CVE-2020-7608 (Medium) detected in yargs-parser-10.1.0.tgz, yargs-parser-11.1.1.tgz
CVE-2020-7608 (Medium) detected in yargs-parser-9.0.2.tgz, yargs-parser-13.1.0.tgz
Nov 28, 2020
mend-bolt-for-githubbot
changed the title
CVE-2020-7608 (Medium) detected in yargs-parser-9.0.2.tgz, yargs-parser-13.1.0.tgz
CVE-2020-7608 (Medium) detected in multiple libraries
Nov 28, 2020
CVE-2020-7608 - Medium Severity Vulnerability
yargs-parser-13.1.0.tgz
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.0.tgz
Path to dependency file: import-moltin-to-algolia/package.json
Path to vulnerable library: import-moltin-to-algolia/node_modules/yargs-parser/package.json
Dependency Hierarchy:
yargs-parser-9.0.2.tgz
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-9.0.2.tgz
Path to dependency file: import-moltin-to-algolia/package.json
Path to vulnerable library: import-moltin-to-algolia/node_modules/npm/node_modules/yargs-parser/package.json
Dependency Hierarchy:
yargs-parser-11.1.1.tgz
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-11.1.1.tgz
Path to dependency file: import-moltin-to-algolia/package.json
Path to vulnerable library: import-moltin-to-algolia/node_modules/jest-runtime/node_modules/yargs-parser/package.json,import-moltin-to-algolia/node_modules/jest/node_modules/yargs-parser/package.json
Dependency Hierarchy:
yargs-parser-10.1.0.tgz
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz
Path to dependency file: import-moltin-to-algolia/package.json
Path to vulnerable library: import-moltin-to-algolia/node_modules/ts-jest/node_modules/yargs-parser/package.json
Dependency Hierarchy:
Found in HEAD commit: 96d5036998190b909eb8340eda98b0408660212a
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload.
Publish Date: 2020-03-16
URL: CVE-2020-7608
Base Score Metrics:
Type: Upgrade version
Origin: yargs/yargs-parser@63810ca
Release Date: 2020-06-05
Fix Resolution: 5.0.1;13.1.2;15.0.1;18.1.1
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: