text-buffer-13.18.6.tgz: 1 vulnerabilities (highest severity is: 7.0)

[dev-mend-for-github-com]

Vulnerable Library - text-buffer-13.18.6.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (text-buffer version)	Remediation Possible**	Reachability
WS-2018-0590	High	7.0	diff-2.2.3.tgz	Transitive	N/A*	❌

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

WS-2018-0590

Vulnerable Library - diff-2.2.3.tgz

A javascript text diff implementation.

Library home page: https://registry.npmjs.org/diff/-/diff-2.2.3.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

• text-buffer-13.18.6.tgz (Root Library)
  • ❌ diff-2.2.3.tgz (Vulnerable Library)

Found in base branch: electron-upgrade

Vulnerability Details

A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

Publish Date: 2018-03-05

URL: WS-2018-0590

CVSS 2 Score Details (7.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Release Date: 2018-03-05

Fix Resolution: 3.5.0