WS-2019-0252 (Medium) detected in googleapis-3.1.0.tgz #37

mend-bolt-for-github · 2019-10-30T21:48:02Z

WS-2019-0252 - Medium Severity Vulnerability

Vulnerable Library - googleapis-3.1.0.tgz

Google APIs Client Library for Node.js

Library home page: https://registry.npmjs.org/googleapis/-/googleapis-3.1.0.tgz

Path to dependency file: /tmp/ws-scm/gcm-fire-gtfs/package.json

Path to vulnerable library: /gcm-fire-gtfs/node_modules/googleapis/package.json

Dependency Hierarchy:

❌ googleapis-3.1.0.tgz (Vulnerable Library)

Found in HEAD commit: a9454dac36ffefed1910c7daf893c7026fd5fcd9

Vulnerability Details

googleapis versions before 39.1.0 are vulnerable to Improper Authorization. Setting credentials to one client may apply to all clients which may cause requests to be sent with the incorrect credentials.

Publish Date: 2019-09-11

URL: WS-2019-0252

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/791

Release Date: 2019-09-11

Fix Resolution: 39.1.0

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Oct 30, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2019-0252 (Medium) detected in googleapis-3.1.0.tgz #37

WS-2019-0252 (Medium) detected in googleapis-3.1.0.tgz #37

mend-bolt-for-github bot commented Oct 30, 2019

WS-2019-0252 (Medium) detected in googleapis-3.1.0.tgz #37

WS-2019-0252 (Medium) detected in googleapis-3.1.0.tgz #37

Comments

mend-bolt-for-github bot commented Oct 30, 2019

WS-2019-0252 - Medium Severity Vulnerability