search

CliffCrerar / bohemian-rhapsody

A full stack demo app
https://music-app-prod-aspwmb5sba-uc.a.run.app
MIT License
1 stars 0 forks source link

CVE-2021-28458 (High) detected in ms-rest-nodeauth-0.8.4.tgz #222

Open mend-bolt-for-github[bot] opened 1 year ago

mend-bolt-for-github[bot] commented 1 year ago

CVE-2021-28458 - High Severity Vulnerability

Vulnerable Library - ms-rest-nodeauth-0.8.4.tgz

Azure Authentication library in node.js with type definitions.

Library home page: https://registry.npmjs.org/@azure/ms-rest-nodeauth/-/ms-rest-nodeauth-0.8.4.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/@azure/ms-rest-nodeauth/package.json

Dependency Hierarchy: - ng-deploy-0.2.3.tgz (Root Library) - :x: **ms-rest-nodeauth-0.8.4.tgz** (Vulnerable Library)

Found in HEAD commit: 4a3cde61974a458af06811c3e0c49119f6229e5e

Found in base branch: master

Vulnerability Details

Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability

Publish Date: 2021-04-13

URL: CVE-2021-28458

CVSS 3 Score Details (7.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2021-04-13

Fix Resolution: @azure/ms-rest-nodeauth - 3.0.8

Step up your Open Source Security Game with Mend here