CVE-2018-16492 (High) detected in node6be96c70f5642ac07b9f505f464f958245df03d0

[mend-for-github-com[bot]]

CVE-2018-16492 - High Severity Vulnerability

Vulnerable Library - node6be96c70f5642ac07b9f505f464f958245df03d0

Node.js JavaScript runtime :sparkles::turtle::rocket::sparkles:

Library home page: https://github.com/nodejs/node.git

Found in HEAD commit: b011a55ee3bfce5d2fedf4fd780e4196d446c504

Found in base branch: gh-pages

Vulnerable Source Files (1)

Vulnerability Details

A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.

Publish Date: 2019-02-01

URL: CVE-2018-16492

CVSS 3 Score Details (9.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://hackerone.com/reports/381185

Release Date: 2019-02-01

Fix Resolution: extend - v3.0.2,v2.0.2

[mend-for-github-com[bot]]

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.

[mend-for-github-com[bot]]

:information_source: This issue was automatically re-opened by WhiteSource because the vulnerable library in the specific branch(es) has been detected in the WhiteSource inventory.