Open mend-for-github-com[bot] opened 2 years ago
Lightweight UI components for Vue.js based on Bulma
Library home page: https://registry.npmjs.org/buefy/-/buefy-0.6.6.tgz
Path to dependency file: /applications/gui/package.json
Path to vulnerable library: /applications/gui/node_modules/buefy/package.json
Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
WS-2019-0256
### Vulnerable Library - buefy-0.6.6.tgz
Lightweight UI components for Vue.js based on Bulma
Library home page: https://registry.npmjs.org/buefy/-/buefy-0.6.6.tgz
Path to dependency file: /applications/gui/package.json
Path to vulnerable library: /applications/gui/node_modules/buefy/package.json
Dependency Hierarchy:
- :x: **buefy-0.6.6.tgz** (Vulnerable Library)
Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190
Found in base branch: main
### Vulnerability Details
In buefy, versions prior to 0.7.2 are vulnerable to Cross-Site Scripting when the autocomplete list renders user input as HTML without encoding.
Publish Date: 2019-09-11
URL: WS-2019-0256
### Threat Assessment
Exploit Maturity: Not Defined
EPSS:
### CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: None
### Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/747
Release Date: 2019-09-11
Fix Resolution: 0.7.2
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.