Closed mend-for-github-com[bot] closed 3 years ago
Reactive, component-oriented view layer for modern web interfaces.
Library home page: https://registry.npmjs.org/vue/-/vue-2.5.16.tgz
Path to dependency file: doccano/app/server/static/package.json
Path to vulnerable library: doccano/app/server/static/node_modules/vue/package.json
Dependency Hierarchy: - :x: **vue-2.5.16.tgz** (Vulnerable Library)
Vue-Poject before vesion 2.5.17 has a potential xss in ssr when using v-bind.
Publish Date: 2018-08-01
URL: WS-2018-0162
Base Score Metrics not available
Type: Upgrade version
Origin: https://github.com/vuejs/vue/commit/c28f79290d57240c607d8cec3b3413b49702e1fb
Release Date: 2018-08-01
Fix Resolution: vue - 2.5.17
:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #39
WS-2018-0162 - Medium Severity Vulnerability
Vulnerable Library - vue-2.5.16.tgz
Reactive, component-oriented view layer for modern web interfaces.
Library home page: https://registry.npmjs.org/vue/-/vue-2.5.16.tgz
Path to dependency file: doccano/app/server/static/package.json
Path to vulnerable library: doccano/app/server/static/node_modules/vue/package.json
Dependency Hierarchy: - :x: **vue-2.5.16.tgz** (Vulnerable Library)
Vulnerability Details
Vue-Poject before vesion 2.5.17 has a potential xss in ssr when using v-bind.
Publish Date: 2018-08-01
URL: WS-2018-0162
CVSS 2 Score Details (6.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://github.com/vuejs/vue/commit/c28f79290d57240c607d8cec3b3413b49702e1fb
Release Date: 2018-08-01
Fix Resolution: vue - 2.5.17