WS-2018-0215 (Medium) detected in cached-path-relative-1.0.1.tgz #171

mend-bolt-for-github · 2020-10-20T01:36:38Z

WS-2018-0215 - Medium Severity Vulnerability

Vulnerable Library - cached-path-relative-1.0.1.tgz

Memoize the results of the path.relative function

Path to dependency file: angular/integration/cli-hello-world/yarn.lock

Path to vulnerable library: angular/integration/cli-hello-world/yarn.lock

Dependency Hierarchy:

karma-2.0.0.tgz (Root Library)
- browserify-14.5.0.tgz
  - module-deps-4.1.1.tgz
    - ❌ cached-path-relative-1.0.1.tgz (Vulnerable Library)

Vulnerability Details

Version of cached-path-relative before 1.0.2 are vulnerable to prototype pollution.

Publish Date: 2018-11-07

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Release Date: 2018-12-06

Fix Resolution: 1.0.2

The text was updated successfully, but these errors were encountered:

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Oct 20, 2020