mend-bolt-for-github[bot]
commented
2 years ago :information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #334
Closed mend-bolt-for-github[bot] closed 2 years ago
mend-bolt-for-github[bot]
commented
2 years ago :information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #334
mend-bolt-for-github[bot]
commented
2 years ago :information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #334
CVE-2022-1365 - High Severity Vulnerability
Universal WHATWG Fetch API for Node, Browsers and React Native
Library home page: https://registry.npmjs.org/cross-fetch/-/cross-fetch-2.2.2.tgz
Dependency Hierarchy: - ts-graphql-plugin-1.12.0.tgz (Root Library) - graphql-language-service-types-1.5.2.tgz - graphql-config-2.2.1.tgz - graphql-request-1.8.2.tgz - :x: **cross-fetch-2.2.2.tgz** (Vulnerable Library)
Found in HEAD commit: f2de0e847e3ed821b08510b1e2352ad8fb36dea3
Found in base branch: dev/seed-tool
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.
Publish Date: 2022-04-15
URL: CVE-2022-1365
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1365
Release Date: 2022-04-15
Fix Resolution (cross-fetch): 2.2.6
Direct dependency fix Resolution (ts-graphql-plugin): 1.12.1
Step up your Open Source Security Game with WhiteSource here