Open mend-bolt-for-github[bot] opened 4 years ago
Reactive, component-oriented view layer for modern web interfaces.
Library home page: https://registry.npmjs.org/vue/-/vue-2.5.16.tgz
Path to dependency file: kienba/package.json
Path to vulnerable library: kienba/node_modules/vue/package.json
Dependency Hierarchy: - :x: **vue-2.5.16.tgz** (Vulnerable Library)
Found in HEAD commit: 9e34779b7ccab84f0c78ed4460e8a08300b8e900
Vue-Poject before vesion 2.5.17 has a potential xss in ssr when using v-bind.
Publish Date: 2018-08-01
URL: WS-2018-0162
Base Score Metrics not available
Type: Upgrade version
Origin: https://github.com/vuejs/vue/commit/c28f79290d57240c607d8cec3b3413b49702e1fb
Release Date: 2018-08-01
Fix Resolution: vue - 2.5.17
Step up your Open Source Security Game with WhiteSource here
WS-2018-0162 - Medium Severity Vulnerability
Reactive, component-oriented view layer for modern web interfaces.
Library home page: https://registry.npmjs.org/vue/-/vue-2.5.16.tgz
Path to dependency file: kienba/package.json
Path to vulnerable library: kienba/node_modules/vue/package.json
Dependency Hierarchy: - :x: **vue-2.5.16.tgz** (Vulnerable Library)
Found in HEAD commit: 9e34779b7ccab84f0c78ed4460e8a08300b8e900
Vue-Poject before vesion 2.5.17 has a potential xss in ssr when using v-bind.
Publish Date: 2018-08-01
URL: WS-2018-0162
Base Score Metrics not available
Type: Upgrade version
Origin: https://github.com/vuejs/vue/commit/c28f79290d57240c607d8cec3b3413b49702e1fb
Release Date: 2018-08-01
Fix Resolution: vue - 2.5.17
Step up your Open Source Security Game with WhiteSource here