CVE-2018-3774 High Severity Vulnerability detected by WhiteSource #14
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2018-3774 - High Severity Vulnerability
Small footprint URL parser that works seamlessly across Node.js and browser environments
path: /Book-Trading-Club/node_modules/url-parse/package.json
Library home page: https://registry.npmjs.org/url-parse/-/url-parse-1.1.9.tgz
Dependency Hierarchy:
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
Publish Date: 2018-08-12
URL: CVE-2018-3774
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Change files
Origin: unshiftio/url-parse@53b1794
Release Date: 2018-07-29
Fix Resolution: Replace or update the following files: index.js, test.js
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: