mend-bolt-for-github (bot) changed the title from "weex-styler-0.3.0.tgz: 1 vulnerabilities (highest severity is: 9.1)" to "weex-styler-0.3.0.tgz: 1 vulnerabilities (highest severity is: 6.5)" on Oct 13, 2022
mend-bolt-for-github (bot) changed the title from "weex-styler-0.3.0.tgz: 1 vulnerabilities (highest severity is: 6.5)" to "weex-styler-0.3.0.tgz: 1 vulnerabilities (highest severity is: 9.1)" on Oct 31, 2022
Vulnerable Library - weex-styler-0.3.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Found in HEAD commit: 77c7146d0444e2486ff3f42256348ec0130727e7
Vulnerabilities
Note: In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation.
Details
CVE-2018-3745
Vulnerable Library - atob-1.1.3.tgz
atob for Node.JS and Linux / Mac / Windows CLI (it's a one-liner)
Library home page: https://registry.npmjs.org/atob/-/atob-1.1.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
Found in HEAD commit: 77c7146d0444e2486ff3f42256348ec0130727e7
Found in base branch: dev
Vulnerability Details
atob 2.0.3 and earlier allocates uninitialized Buffers when a number is passed as input on Node.js 4.x and below.
Publish Date: 2018-05-29
URL: CVE-2018-3745
CVSS 3 Score Details (9.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://hackerone.com/reports/321686
Release Date: 2018-05-29
Fix Resolution (atob): 2.1.0
Direct dependency fix Resolution (weex-styler): 0.3.1