CVE-2018-17848 (High) detected in github.com/hyperledger/fabric-v1.4.1 - autoclosed

[mend-bolt-for-github[bot]]

CVE-2018-17848 - High Severity Vulnerability

Vulnerable Library - github.com/hyperledger/fabric-v1.4.1

Read-only mirror of https://gerrit.hyperledger.org/r/#/admin/projects/fabric

Dependency Hierarchy: - :x: **github.com/hyperledger/fabric-v1.4.1** (Vulnerable Library)

Found in HEAD commit: d388e16464e00b9ce84df0d247029f534a429b90

Found in base branch: main

Vulnerability Details

The html package (aka x/net/html) through 2018-09-25 in Go mishandles $, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call. Publish Date: 2018-10-01 URL: CVE-2018-17848 CVSS 3 Score Details (7.5) Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High For more information on CVSS3 Scores, click here. Step up your Open Source Security Game with WhiteSource here mend-bolt-for-github[bot] commented 3 years ago :heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory. © Githubissues. Githubissues is a development platform for aggregating issues. $

[mend-bolt-for-github[bot]]

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.