mend-bolt-for-github[bot]
commented
3 years ago :information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #168
Closed mend-bolt-for-github[bot] closed 3 years ago
mend-bolt-for-github[bot]
commented
3 years ago :information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #168
mend-bolt-for-github[bot]
commented
3 years ago :information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #168
mend-bolt-for-github[bot]
commented
3 years ago :information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #168
mend-bolt-for-github[bot]
commented
3 years ago :information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #168
WS-2018-0090 - Low Severity Vulnerability
extend and merge objects, deep or shallow
Library home page: https://registry.npmjs.org/deap/-/deap-1.0.0.tgz
Path to dependency file: laravel-elixir-clean-unofficial/package.json
Path to vulnerable library: laravel-elixir-clean-unofficial/node_modules/deap
Dependency Hierarchy: - laravel-elixir-6.0.0-15.tgz (Root Library) - gulp-uglify-1.5.4.tgz - :x: **deap-1.0.0.tgz** (Vulnerable Library)
Found in HEAD commit: 76104a21d68682d5121e0ca9b615d190ed4a0689
Found in base branch: master
Versions of deap before 1.0.1 are vulnerable to prototype pollution.
Publish Date: 2018-02-28
URL: WS-2018-0090
Base Score Metrics not available
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/611
Release Date: 2018-01-27
Fix Resolution: 1.0.1
Step up your Open Source Security Game with WhiteSource here