Open mend-bolt-for-github[bot] opened 4 years ago
Issue-Label Bot is automatically applying the label bug
to this issue, with a confidence of 0.88. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!
Links: app homepage, dashboard and code for this bot.
CVE-2019-18797 - Medium Severity Vulnerability
Vulnerable Library - opennmsopennms-source-23.0.0-1
A Java based fault and performance management system
Library home page: https://sourceforge.net/projects/opennms/
Found in HEAD commit: d2b54fe8748c351352dd8b190836ca6fe284dba1
Vulnerable Source Files (1)
ngx-dhis2-validation-rule-filter/node_modules/node-sass/src/libsass/src/eval.cpp
Vulnerability Details
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.
Publish Date: 2019-11-06
URL: CVE-2019-18797
CVSS 3 Score Details (6.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Step up your Open Source Security Game with WhiteSource here