search

bitbar / test-samples

Sample test scripts and applications for Bitbar Cloud
https://docs.bitbar.com/testing/index.html
Apache License 2.0
109 stars 222 forks source link

WS-2017-0247 (Low) detected in ms-0.7.1.tgz #228

Closed mend-for-github-com[bot] closed 3 years ago

mend-for-github-com[bot] commented 3 years ago

WS-2017-0247 - Low Severity Vulnerability

Vulnerable Library - ms-0.7.1.tgz

Tiny ms conversion utility

Library home page: https://registry.npmjs.org/ms/-/ms-0.7.1.tgz

Path to dependency file: test-samples/samples/testing-frameworks/appium/client-side/javascript/nightwatch_web_example/package.json

Path to vulnerable library: test-samples/samples/testing-frameworks/appium/client-side/javascript/nightwatch_web_example/node_modules/ms/package.json

Dependency Hierarchy: - nightwatch-0.9.8.tgz (Root Library) - mocha-nightwatch-2.2.9.tgz - debug-2.2.0.tgz - :x: **ms-0.7.1.tgz** (Vulnerable Library)

Found in HEAD commit: 12af4f854b64888df6e4492ecc94e141388e939a

Found in base branch: master

Vulnerability Details

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).

Publish Date: 2017-04-12

URL: WS-2017-0247

CVSS 2 Score Details (3.4)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://github.com/vercel/ms/pull/89

Release Date: 2017-04-12

Fix Resolution: 2.1.1

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.