Closed mend-bolt-for-github[bot] closed 3 years ago
:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #125
:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #125
:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #125
:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #125
WS-2018-0225 - Medium Severity Vulnerability
Vulnerable Library - node.extend-1.1.6.tgz
A port of jQuery.extend that actually works on node.js
Library home page: https://registry.npmjs.org/node.extend/-/node.extend-1.1.6.tgz
Path to dependency file: laravel-elixir-clean-unofficial/package.json
Path to vulnerable library: laravel-elixir-clean-unofficial/node_modules/node.extend
Dependency Hierarchy: - laravel-elixir-6.0.0-15.tgz (Root Library) - gulp-notify-2.2.0.tgz - :x: **node.extend-1.1.6.tgz** (Vulnerable Library)
Found in HEAD commit: 76104a21d68682d5121e0ca9b615d190ed4a0689
Found in base branch: master
Vulnerability Details
Node.extend, versions v0.0.2--v1.1.6 and version v2.0.0, have a prototype pollution vulnerability which allows an attacker to inject properties on Object.prototype
Publish Date: 2018-10-30
URL: WS-2018-0225
CVSS 2 Score Details (6.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://hackerone.com/reports/430831
Release Date: 2018-12-13
Fix Resolution: 1.1.7,2.0.1
Step up your Open Source Security Game with WhiteSource here