WS-2019-0066 (Medium) detected in ecstatic-3.3.2.tgz #5

mend-for-github-com · 2020-11-20T19:29:04Z

WS-2019-0066 - Medium Severity Vulnerability

Vulnerable Library - ecstatic-3.3.2.tgz

A simple static file server middleware

Library home page: https://registry.npmjs.org/ecstatic/-/ecstatic-3.3.2.tgz

Path to dependency file: esri-leaflet/package.json

Path to vulnerable library: esri-leaflet/node_modules/ecstatic/package.json

Dependency Hierarchy:

http-server-0.12.3.tgz (Root Library)
- ❌ ecstatic-3.3.2.tgz (Vulnerable Library)

Found in HEAD commit: f1b0ab628654274f9a5824429382197d038bb5c5

Found in base branch: master

Vulnerability Details

Versions of ecstatic prior to 4.1.2 fails to validate redirects, allowing attackers to craft requests that result in an HTTP 301 redirect to any other domains.

Publish Date: 2019-04-27

URL: WS-2019-0066

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/830/versions

Release Date: 2019-05-02

Fix Resolution: 4.1.2

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Nov 20, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2019-0066 (Medium) detected in ecstatic-3.3.2.tgz #5

WS-2019-0066 (Medium) detected in ecstatic-3.3.2.tgz #5

mend-for-github-com bot commented Nov 20, 2020 •

edited

WS-2019-0066 (Medium) detected in ecstatic-3.3.2.tgz #5

WS-2019-0066 (Medium) detected in ecstatic-3.3.2.tgz #5

Comments

mend-for-github-com bot commented Nov 20, 2020 • edited

WS-2019-0066 - Medium Severity Vulnerability

mend-for-github-com bot commented Nov 20, 2020 •

edited