WS-2018-0068 (High) detected in constantinople-3.0.2.tgz #52
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2018-0068 - High Severity Vulnerability
Determine whether a JavaScript expression evaluates to a constant (using UglifyJS)
Library home page: https://registry.npmjs.org/constantinople/-/constantinople-3.0.2.tgz
Path to dependency file: /push-button/package.json
Path to vulnerable library: /tmp/git/push-button/node_modules/constantinople/package.json
Dependency Hierarchy:
Found in HEAD commit: 57af924daa9373d491eb3522685d80412ef4100a
Versions of constantinople prior to 3.1.1 are vulnerable to a sandbox bypass which can lead to arbitrary code execution.
Publish Date: 2018-04-21
URL: WS-2018-0068
Base Score Metrics not available
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/568
Release Date: 2018-01-24
Fix Resolution: 3.1.1
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: