search

bitbar / test-samples

Sample test scripts and applications for Bitbar Cloud
https://docs.bitbar.com/testing/index.html
Apache License 2.0
109 stars 222 forks source link

WS-2018-0590 (High) detected in multiple libraries #236

Closed mend-for-github-com[bot] closed 3 years ago

mend-for-github-com[bot] commented 3 years ago

WS-2018-0590 - High Severity Vulnerability

Vulnerable Libraries - diff-1.0.7.tgz, diff-3.2.0.tgz, diff-1.4.0.tgz

diff-1.0.7.tgz

A javascript text diff implementation.

Library home page: https://registry.npmjs.org/diff/-/diff-1.0.7.tgz

Path to dependency file: test-samples/samples/testing-frameworks/detox/react-native/package.json

Path to vulnerable library: test-samples/samples/testing-frameworks/detox/react-native/node_modules/mocha-jenkins-reporter/node_modules/diff/package.json

Dependency Hierarchy: - mocha-jenkins-reporter-0.3.12.tgz (Root Library) - :x: **diff-1.0.7.tgz** (Vulnerable Library)

diff-3.2.0.tgz

A javascript text diff implementation.

Library home page: https://registry.npmjs.org/diff/-/diff-3.2.0.tgz

Path to dependency file: test-samples/samples/testing-frameworks/detox/react-native/package.json

Path to vulnerable library: test-samples/samples/testing-frameworks/detox/react-native/node_modules/mocha-jenkins-reporter/node_modules/mocha/node_modules/diff/package.json

Dependency Hierarchy: - mocha-jenkins-reporter-0.3.12.tgz (Root Library) - mocha-3.5.3.tgz - :x: **diff-3.2.0.tgz** (Vulnerable Library)

diff-1.4.0.tgz

A javascript text diff implementation.

Library home page: https://registry.npmjs.org/diff/-/diff-1.4.0.tgz

Path to dependency file: test-samples/samples/testing-frameworks/appium/client-side/javascript/nightwatch_web_example/package.json

Path to vulnerable library: test-samples/samples/testing-frameworks/appium/client-side/javascript/nightwatch_web_example/node_modules/diff/package.json

Dependency Hierarchy: - nightwatch-0.9.8.tgz (Root Library) - mocha-nightwatch-2.2.9.tgz - :x: **diff-1.4.0.tgz** (Vulnerable Library)

Found in HEAD commit: 12af4f854b64888df6e4492ecc94e141388e939a

Found in base branch: master

Vulnerability Details

A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

Publish Date: 2018-03-05

URL: WS-2018-0590

CVSS 2 Score Details (7.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://github.com/kpdecker/jsdiff/commit/2aec4298639bf30fb88a00b356bf404d3551b8c0

Release Date: 2019-06-11

Fix Resolution: 3.5.0

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.