CVE-2022-1650 (Critical) detected in eventsource-1.0.7.tgz, eventsource-0.1.6.tgz - autoclosed #114
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
CVE-2022-1650 - Critical Severity Vulnerability
Vulnerable Libraries - eventsource-1.0.7.tgz, eventsource-0.1.6.tgz
eventsource-1.0.7.tgz
W3C compliant EventSource client for Node.js and browser (polyfill)
Library home page: https://registry.npmjs.org/eventsource/-/eventsource-1.0.7.tgz
Path to dependency file: /www/package.json
Path to vulnerable library: /www/node_modules/eventsource/package.json
Dependency Hierarchy:
eventsource-0.1.6.tgz
W3C compliant EventSource client for Node.js
Library home page: https://registry.npmjs.org/eventsource/-/eventsource-0.1.6.tgz
Path to dependency file: /www/package.json
Path to vulnerable library: /www/node_modules/sockjs-client/node_modules/eventsource/package.json
Dependency Hierarchy:
Found in HEAD commit: eccad658a517434871207551d423bdbab48e47fc
Found in base branch: master
Vulnerability Details
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.
Publish Date: 2022-05-12
URL: CVE-2022-1650
CVSS 3 Score Details (9.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2022-05-12
Fix Resolution (eventsource): 1.1.1
Direct dependency fix Resolution (gatsby): 3.0.0-reach-router.14
Fix Resolution (eventsource): 1.1.1
Direct dependency fix Resolution (gatsby): 3.0.0-reach-router.14
⛑️ Automatic Remediation will be attempted for this issue.