Open mend-bolt-for-github[bot] opened 3 weeks ago
Ethereum JavaScript API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/web3/1.5.0/web3.min.js
Path to dependency file: /blockchain_integration/pi_network/apps/PiGenesis/app/public/index.html
Path to vulnerable library: /blockchain_integration/pi_network/apps/PiGenesis/app/public/index.html
Found in HEAD commit: 011e5f9d5ce310049a1a68c19f7df65be4f88caf
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Dependency Hierarchy: - :x: **web3-1.5.0.min.js** (Vulnerable Library)
Found in base branch: main
All versions of web3 are vulnerable to Insecure Credential Storage
Publish Date: 2019-05-15
URL: WS-2019-0075
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/WS-2019-0075
Release Date: 2019-05-15
Fix Resolution: web3 - 1.5.3-rc.0
Ethereum JavaScript API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/web3/1.5.0/web3.min.js
Path to dependency file: /blockchain_integration/pi_network/apps/PiGenesis/app/public/index.html
Path to vulnerable library: /blockchain_integration/pi_network/apps/PiGenesis/app/public/index.html
Found in HEAD commit: 011e5f9d5ce310049a1a68c19f7df65be4f88caf
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
WS-2019-0075
### Vulnerable Library - web3-1.5.0.min.jsEthereum JavaScript API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/web3/1.5.0/web3.min.js
Path to dependency file: /blockchain_integration/pi_network/apps/PiGenesis/app/public/index.html
Path to vulnerable library: /blockchain_integration/pi_network/apps/PiGenesis/app/public/index.html
Dependency Hierarchy: - :x: **web3-1.5.0.min.js** (Vulnerable Library)
Found in HEAD commit: 011e5f9d5ce310049a1a68c19f7df65be4f88caf
Found in base branch: main
### Vulnerability DetailsAll versions of web3 are vulnerable to Insecure Credential Storage
Publish Date: 2019-05-15
URL: WS-2019-0075
### CVSS 3 Score Details (3.3)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/WS-2019-0075
Release Date: 2019-05-15
Fix Resolution: web3 - 1.5.3-rc.0
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)