valdisiljuconoks / azfun-demo

Azure Functions Demo with Cognitive Services

WS-2019-0100 (Medium) detected in fstream-0.1.31.tgz - autoclosed #5

Closed mend-bolt-for-github[bot] closed 2 years ago

mend-bolt-for-github[bot] commented 5 years ago

WS-2019-0100 - Medium Severity Vulnerability

Vulnerable Library - fstream-0.1.31.tgz

Advanced file system stream things

Library home page: https://registry.npmjs.org/fstream/-/fstream-0.1.31.tgz

Path to dependency file: /tmp/WhiteSource-ArchiveExtractor_e0e44f36-9e05-4ec0-9f3f-dc019749c234/20190625180617_49481/git_depth_0/azfun-demo/Web1/modules/_protected/Shell/Shell/10.10.6.0/ClientResources/lib/xstyle/package.json

Path to vulnerable library: /tmp/WhiteSource-ArchiveExtractor_e0e44f36-9e05-4ec0-9f3f-dc019749c234/20190625180617_49481/git_depth_0/azfun-demo/Web1/modules/_protected/Shell/Shell/10.10.6.0/ClientResources/lib/xstyle/node_modules/fstream/package.json

Dependency Hierarchy:
- intern-geezer-2.2.3.tgz (Root Library)
  - digdug-1.4.0.tgz
    - decompress-0.2.3.tgz
      - tar-0.1.20.tgz
        - :x: **fstream-0.1.31.tgz** (Vulnerable Library)

Found in HEAD commit: 8ee2b61ed84613b88c99392812594a912d80c7d2

Vulnerability Details

Versions of fstream prior to 1.0.12 are vulnerable to Arbitrary File Overwrite.

Publish Date: 2019-05-23

URL: WS-2019-0100

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/886

Release Date: 2019-05-23

Fix Resolution: 1.0.12



mend-bolt-for-github[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.