WS-2019-0063 (High) detected in js-yaml-3.12.2.tgz, js-yaml-3.12.1.tgz #434

mend-bolt-for-github · 2019-05-04T15:18:41Z

WS-2019-0063 - High Severity Vulnerability

Vulnerable Libraries - js-yaml-3.12.2.tgz, js-yaml-3.12.1.tgz

js-yaml-3.12.2.tgz

YAML 1.2 parser and serializer

Path to dependency file: /Emendare/register/package.json

Path to vulnerable library: /tmp/git/Emendare/register/node_modules/js-yaml/package.json

Dependency Hierarchy:

tslint-5.11.0.tgz (Root Library)
- ❌ js-yaml-3.12.2.tgz (Vulnerable Library)

js-yaml-3.12.1.tgz

YAML 1.2 parser and serializer

Path to dependency file: /Emendare/server/package.json

Path to vulnerable library: /tmp/git/Emendare/server/node_modules/js-yaml/package.json

Dependency Hierarchy:

tslint-5.12.1.tgz (Root Library)
- ❌ js-yaml-3.12.1.tgz (Vulnerable Library)

Vulnerability Details

Js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.

Publish Date: 2019-04-30

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Release Date: 2019-04-30

Fix Resolution: 3.13.1

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label May 4, 2019

jimmyleray closed this as completed May 4, 2019

greenkeeper bot mentioned this issue Aug 1, 2019

An in-range update of enzyme is breaking the build 🚨 #619

Open