WS-2019-0058 (Medium) detected in webpack-bundle-analyzer-2.13.1.tgz #11

mend-for-github-com · 2020-04-22T22:12:54Z

WS-2019-0058 - Medium Severity Vulnerability

Vulnerable Library - webpack-bundle-analyzer-2.13.1.tgz

Webpack plugin and CLI utility that represents bundle content as convenient interactive zoomable treemap

Library home page: https://registry.npmjs.org/webpack-bundle-analyzer/-/webpack-bundle-analyzer-2.13.1.tgz

Path to dependency file: arcgis-rest-js/demos/vue/package.json

Path to vulnerable library: arcgis-rest-js/demos/vue/node_modules/webpack-bundle-analyzer/package.json

Dependency Hierarchy:

cli-service-3.0.0.tgz (Root Library)
- ❌ webpack-bundle-analyzer-2.13.1.tgz (Vulnerable Library)

Found in HEAD commit: 23d72402f58ac43f9793be37cef856f9a8b0d0c3

Vulnerability Details

Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify() without properly escaping input which may lead to Cross-Site Scripting.

Publish Date: 2019-04-11

URL: WS-2019-0058

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: webpack-contrib/webpack-bundle-analyzer#263

Release Date: 2019-04-23

Fix Resolution: 3.3.2

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Apr 22, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2019-0058 (Medium) detected in webpack-bundle-analyzer-2.13.1.tgz #11

WS-2019-0058 (Medium) detected in webpack-bundle-analyzer-2.13.1.tgz #11

mend-for-github-com bot commented Apr 22, 2020 •

edited

WS-2019-0058 (Medium) detected in webpack-bundle-analyzer-2.13.1.tgz #11

WS-2019-0058 (Medium) detected in webpack-bundle-analyzer-2.13.1.tgz #11

Comments

mend-for-github-com bot commented Apr 22, 2020 • edited

WS-2019-0058 - Medium Severity Vulnerability

mend-for-github-com bot commented Apr 22, 2020 •

edited