Path to dependency file: test-samples/samples/testing-frameworks/detox/react-native/package.json
Path to vulnerable library: test-samples/samples/testing-frameworks/detox/react-native/node_modules/mocha-jenkins-reporter/node_modules/diff/package.json
Path to dependency file: test-samples/samples/testing-frameworks/detox/react-native/package.json
Path to vulnerable library: test-samples/samples/testing-frameworks/detox/react-native/node_modules/mocha-jenkins-reporter/node_modules/mocha/node_modules/diff/package.json
Path to dependency file: test-samples/samples/testing-frameworks/appium/client-side/javascript/nightwatch_web_example/package.json
Path to vulnerable library: test-samples/samples/testing-frameworks/appium/client-side/javascript/nightwatch_web_example/node_modules/diff/package.json
A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
WS-2018-0590 - High Severity Vulnerability
Vulnerable Libraries - diff-1.0.7.tgz, diff-3.2.0.tgz, diff-1.4.0.tgz
diff-1.0.7.tgz
A javascript text diff implementation.
Library home page: https://registry.npmjs.org/diff/-/diff-1.0.7.tgz
Path to dependency file: test-samples/samples/testing-frameworks/detox/react-native/package.json
Path to vulnerable library: test-samples/samples/testing-frameworks/detox/react-native/node_modules/mocha-jenkins-reporter/node_modules/diff/package.json
Dependency Hierarchy: - mocha-jenkins-reporter-0.3.12.tgz (Root Library) - :x: **diff-1.0.7.tgz** (Vulnerable Library)
diff-3.2.0.tgz
A javascript text diff implementation.
Library home page: https://registry.npmjs.org/diff/-/diff-3.2.0.tgz
Path to dependency file: test-samples/samples/testing-frameworks/detox/react-native/package.json
Path to vulnerable library: test-samples/samples/testing-frameworks/detox/react-native/node_modules/mocha-jenkins-reporter/node_modules/mocha/node_modules/diff/package.json
Dependency Hierarchy: - mocha-jenkins-reporter-0.3.12.tgz (Root Library) - mocha-3.5.3.tgz - :x: **diff-3.2.0.tgz** (Vulnerable Library)
diff-1.4.0.tgz
A javascript text diff implementation.
Library home page: https://registry.npmjs.org/diff/-/diff-1.4.0.tgz
Path to dependency file: test-samples/samples/testing-frameworks/appium/client-side/javascript/nightwatch_web_example/package.json
Path to vulnerable library: test-samples/samples/testing-frameworks/appium/client-side/javascript/nightwatch_web_example/node_modules/diff/package.json
Dependency Hierarchy: - nightwatch-0.9.8.tgz (Root Library) - mocha-nightwatch-2.2.9.tgz - :x: **diff-1.4.0.tgz** (Vulnerable Library)
Found in HEAD commit: 12af4f854b64888df6e4492ecc94e141388e939a
Found in base branch: master
Vulnerability Details
A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.
Publish Date: 2018-03-05
URL: WS-2018-0590
CVSS 2 Score Details (7.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://github.com/kpdecker/jsdiff/commit/2aec4298639bf30fb88a00b356bf404d3551b8c0
Release Date: 2019-06-11
Fix Resolution: 3.5.0