This repository has been archived by the owner on Jan 8, 2021. It is now read-only.
WS-2019-0058 (Medium) detected in webpack-bundle-analyzer-2.11.1.tgz #110
Security vulnerability detected by WhiteSource
WS-2019-0058 - Medium Severity Vulnerability
Vulnerable Library - webpack-bundle-analyzer-2.11.1.tgz
Webpack plugin and CLI utility that represents bundle content as convenient interactive zoomable treemap
Library home page: https://registry.npmjs.org/webpack-bundle-analyzer/-/webpack-bundle-analyzer-2.11.1.tgz
Path to dependency file: recursos.osweekends.com/client/package.json
Path to vulnerable library: recursos.osweekends.com/client/node_modules/webpack-bundle-analyzer/package.json
Dependency Hierarchy:
Found in HEAD commit: 75ce5372027b919c472c04a9d36eb427f15569ab
Vulnerability Details
Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify() without properly escaping input, which may lead to Cross-Site Scripting.
Publish Date: 2019-04-11
URL: WS-2019-0058
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: webpack-contrib/webpack-bundle-analyzer#263
Release Date: 2019-04-23
Fix Resolution: 3.3.2