search

mpulsemobile / doccano

Open source text annotation tool for machine learning practitioner.
https://doccano.herokuapp.com
MIT License
0 stars 0 forks source link

WS-2018-0162 (Medium) detected in vue-2.5.16.tgz - autoclosed #38

Closed mend-for-github-com[bot] closed 3 years ago

mend-for-github-com[bot] commented 4 years ago

WS-2018-0162 - Medium Severity Vulnerability

Vulnerable Library - vue-2.5.16.tgz

Reactive, component-oriented view layer for modern web interfaces.

Library home page: https://registry.npmjs.org/vue/-/vue-2.5.16.tgz

Path to dependency file: doccano/app/server/static/package.json

Path to vulnerable library: doccano/app/server/static/node_modules/vue/package.json

Dependency Hierarchy: - :x: **vue-2.5.16.tgz** (Vulnerable Library)

Vulnerability Details

Vue-Poject before vesion 2.5.17 has a potential xss in ssr when using v-bind.

Publish Date: 2018-08-01

URL: WS-2018-0162

CVSS 2 Score Details (6.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://github.com/vuejs/vue/commit/c28f79290d57240c607d8cec3b3413b49702e1fb

Release Date: 2018-08-01

Fix Resolution: vue - 2.5.17

mend-for-github-com[bot] commented 3 years ago

:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #39