WS-2018-0209 (Medium) detected in morgan-1.6.1.tgz #11
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
security vulnerability
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2018-0209 - Medium Severity Vulnerability
HTTP request logger middleware for node.js
Library home page: https://registry.npmjs.org/morgan/-/morgan-1.6.1.tgz
Path to dependency file: /tmp/ws-scm/vulnerable-node/package.json
Path to vulnerable library: /vulnerable-node/node_modules/morgan/package.json
Dependency Hierarchy:
Found in HEAD commit: c2710dc26e7af51487170b269cd7bb94d4edb4df
Morgan before 1.9.1 is vulnerable to code injection when user input is allowed into the filter or combined with a prototype pollution attack.
Publish Date: 2018-11-25
URL: WS-2018-0209
Base Score Metrics not available
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/735
Release Date: 2019-04-08
Fix Resolution: 1.9.1
⛑️ Automatic Remediation is available for this issue
The text was updated successfully, but these errors were encountered: