WS-2019-0252 (Medium) detected in googleapis-23.0.2.tgz #71

mend-bolt-for-github · 2020-10-19T21:35:15Z

WS-2019-0252 - Medium Severity Vulnerability

Vulnerable Library - googleapis-23.0.2.tgz

Google APIs Client Library for Node.js

Library home page: https://registry.npmjs.org/googleapis/-/googleapis-23.0.2.tgz

Path to dependency file: angular/aio/yarn.lock

Path to vulnerable library: angular/aio/yarn.lock

Dependency Hierarchy:

firebase-tools-5.1.1.tgz (Root Library)
- functions-emulator-1.0.0-beta.5.tgz
  - ❌ googleapis-23.0.2.tgz (Vulnerable Library)

Found in HEAD commit: e5d3c6e556a7defadd6d1bdf1f142703605577e5

Vulnerability Details

googleapis versions before 39.1.0 are vulnerable to Improper Authorization. Setting credentials to one client may apply to all clients which may cause requests to be sent with the incorrect credentials.

Publish Date: 2019-02-19

URL: WS-2019-0252

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/791

Release Date: 2019-09-11

Fix Resolution: 39.1.0

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Oct 19, 2020

olivialancaster mentioned this issue Feb 23, 2021

[Snyk] Security upgrade firefox-profile from 0.4.0 to 0.4.4 #232

Open

olivialancaster mentioned this issue Apr 15, 2024

[Snyk] Security upgrade firefox-profile from 0.4.0 to 0.4.4 #385

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2019-0252 (Medium) detected in googleapis-23.0.2.tgz #71

WS-2019-0252 (Medium) detected in googleapis-23.0.2.tgz #71

mend-bolt-for-github bot commented Oct 19, 2020

WS-2019-0252 (Medium) detected in googleapis-23.0.2.tgz #71

WS-2019-0252 (Medium) detected in googleapis-23.0.2.tgz #71

Comments

mend-bolt-for-github bot commented Oct 19, 2020

WS-2019-0252 - Medium Severity Vulnerability