search

iamkishan98 / E-voting-using-blockchain

Decentralized online vorting application built with blockchain
2 stars 0 forks source link

WS-2018-0215 (Medium) detected in cached-path-relative-1.0.1.tgz - autoclosed #182

Closed mend-bolt-for-github[bot] closed 2 years ago

mend-bolt-for-github[bot] commented 3 years ago

WS-2018-0215 - Medium Severity Vulnerability

Vulnerable Library - cached-path-relative-1.0.1.tgz

Memoize the results of the path.relative function

Library home page: https://registry.npmjs.org/cached-path-relative/-/cached-path-relative-1.0.1.tgz

Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json

Path to vulnerable library: E-voting-using-blockchain/evoting app/src/node_modules/cached-path-relative/package.json

Dependency Hierarchy: - slimscroll-0.9.1.tgz (Root Library) - browserify-16.1.1.tgz - :x: **cached-path-relative-1.0.1.tgz** (Vulnerable Library)

Vulnerability Details

Version of cached-path-relative before 1.0.2 are vulnerable to prototype pollution.

Publish Date: 2018-11-07

URL: WS-2018-0215

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://github.com/ashaffer/cached-path-relative/commit/a43cffec84ed0e9eceecb43b534b6937a8028fc0

Release Date: 2018-12-06

Fix Resolution: 1.0.2

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.