WS-2019-0252 (Medium) detected in googleapis-23.0.2.tgz #70

mend-bolt-for-github · 2020-10-20T01:32:41Z

WS-2019-0252 - Medium Severity Vulnerability

Vulnerable Library - googleapis-23.0.2.tgz

Google APIs Client Library for Node.js

Library home page: https://registry.npmjs.org/googleapis/-/googleapis-23.0.2.tgz

Path to dependency file: angular/yarn.lock

Path to vulnerable library: angular/yarn.lock,angular/aio/yarn.lock

Dependency Hierarchy:

firebase-tools-5.1.1.tgz (Root Library)
- functions-emulator-1.0.0-beta.5.tgz
  - ❌ googleapis-23.0.2.tgz (Vulnerable Library)

Found in HEAD commit: cf1f1c0344fa01406f61ff7437a72714be39b47e

Vulnerability Details

googleapis versions before 39.1.0 are vulnerable to Improper Authorization. Setting credentials to one client may apply to all clients which may cause requests to be sent with the incorrect credentials.

Publish Date: 2019-02-19

URL: WS-2019-0252

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/791

Release Date: 2019-09-11

Fix Resolution: 39.1.0

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Oct 20, 2020

gate5 mentioned this issue Feb 23, 2021

[Snyk] Security upgrade firefox-profile from 0.4.0 to 0.4.4 #198

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2019-0252 (Medium) detected in googleapis-23.0.2.tgz #70

WS-2019-0252 (Medium) detected in googleapis-23.0.2.tgz #70

mend-bolt-for-github bot commented Oct 20, 2020

WS-2019-0252 (Medium) detected in googleapis-23.0.2.tgz #70

WS-2019-0252 (Medium) detected in googleapis-23.0.2.tgz #70

Comments

mend-bolt-for-github bot commented Oct 20, 2020

WS-2019-0252 - Medium Severity Vulnerability