You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
acorn is vulnerable to REGEX DoS. A regex of the form /[x-\ud800]/u causes the parser to enter an infinite loop. attackers may leverage the vulnerability leading to a Denial of Service since the string is not valid UTF16 and it results in it being sanitized before reaching the parser.
mend-bolt-for-githubbot
changed the title
WS-2020-0042 (High) detected in acorn-5.7.3.tgz, acorn-6.1.1.tgz
WS-2020-0042 (High) detected in acorn-6.1.1.tgz, acorn-5.7.3.tgz
Oct 29, 2020
mend-bolt-for-githubbot
changed the title
WS-2020-0042 (High) detected in acorn-6.1.1.tgz, acorn-5.7.3.tgz
WS-2020-0042 (High) detected in acorn-5.7.3.tgz, acorn-6.1.1.tgz
Nov 26, 2020
mend-bolt-for-githubbot
changed the title
WS-2020-0042 (High) detected in acorn-5.7.3.tgz, acorn-6.1.1.tgz
WS-2020-0042 (High) detected in acorn-6.1.1.tgz, acorn-5.7.3.tgz
Nov 26, 2020
mend-bolt-for-githubbot
changed the title
WS-2020-0042 (High) detected in acorn-6.1.1.tgz, acorn-5.7.3.tgz
WS-2020-0042 (High) detected in acorn-5.7.3.tgz, acorn-6.1.1.tgz
Nov 26, 2020
mend-bolt-for-githubbot
changed the title
WS-2020-0042 (High) detected in acorn-5.7.3.tgz, acorn-6.1.1.tgz
WS-2020-0042 (High) detected in acorn-6.1.1.tgz, acorn-5.7.3.tgz
Jan 6, 2021
mend-bolt-for-githubbot
changed the title
WS-2020-0042 (High) detected in acorn-6.1.1.tgz, acorn-5.7.3.tgz
WS-2020-0042 (High) detected in acorn-5.7.3.tgz, acorn-6.1.1.tgz
Jan 10, 2021
mend-bolt-for-githubbot
changed the title
WS-2020-0042 (High) detected in acorn-5.7.3.tgz, acorn-6.1.1.tgz
WS-2020-0042 (High) detected in acorn-6.1.1.tgz, acorn-5.7.3.tgz
Feb 3, 2021
mend-bolt-for-githubbot
changed the title
WS-2020-0042 (High) detected in acorn-6.1.1.tgz, acorn-5.7.3.tgz
WS-2020-0042 (High) detected in acorn-5.7.3.tgz, acorn-6.1.1.tgz
Feb 10, 2021
mend-bolt-for-githubbot
changed the title
WS-2020-0042 (High) detected in acorn-5.7.3.tgz, acorn-6.1.1.tgz
WS-2020-0042 (High) detected in acorn-6.1.1.tgz, acorn-5.7.3.tgz
Feb 10, 2021
mend-bolt-for-githubbot
changed the title
WS-2020-0042 (High) detected in acorn-6.1.1.tgz, acorn-5.7.3.tgz
WS-2020-0042 (High) detected in acorn-5.7.3.tgz, acorn-6.1.1.tgz
May 9, 2021
mend-bolt-for-githubbot
changed the title
WS-2020-0042 (High) detected in acorn-5.7.3.tgz, acorn-6.1.1.tgz
WS-2020-0042 (High) detected in acorn-6.1.1.tgz, acorn-5.7.3.tgz
May 15, 2021
mend-bolt-for-githubbot
changed the title
WS-2020-0042 (High) detected in acorn-6.1.1.tgz, acorn-5.7.3.tgz
WS-2020-0042 (High) detected in acorn-5.7.3.tgz, acorn-6.1.1.tgz
May 25, 2021
mend-bolt-for-githubbot
changed the title
WS-2020-0042 (High) detected in acorn-5.7.3.tgz, acorn-6.1.1.tgz
WS-2020-0042 (High) detected in acorn-6.1.1.tgz, acorn-5.7.3.tgz
Jun 6, 2021
WS-2020-0042 - High Severity Vulnerability
acorn-6.1.1.tgz
ECMAScript parser
Library home page: https://registry.npmjs.org/acorn/-/acorn-6.1.1.tgz
Path to dependency file: shopify-request/package.json
Path to vulnerable library: shopify-request/node_modules/acorn-globals/node_modules/acorn/package.json
Dependency Hierarchy:
acorn-5.7.3.tgz
ECMAScript parser
Library home page: https://registry.npmjs.org/acorn/-/acorn-5.7.3.tgz
Path to dependency file: shopify-request/package.json
Path to vulnerable library: shopify-request/node_modules/acorn/package.json
Dependency Hierarchy:
Found in HEAD commit: 0e1c5b365e8dadb189055f0834c7352057fcfd97
acorn is vulnerable to REGEX DoS. A regex of the form /[x-\ud800]/u causes the parser to enter an infinite loop. attackers may leverage the vulnerability leading to a Denial of Service since the string is not valid UTF16 and it results in it being sanitized before reaching the parser.
Publish Date: 2020-03-01
URL: WS-2020-0042
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1488
Release Date: 2020-03-08
Fix Resolution: 7.1.1
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: