Description
WS-2017-0206 - Medium Severity Vulnerability
Vulnerable Library - brace-expansion-1.1.6.tgz
Brace expansion as known from sh/bash
path: /tmp/git/Hardware-con-Nodejs/node_modules/serialport/node_modules/node-pre-gyp/node_modules/rimraf/node_modules/glob/node_modules/minimatch/node_modules/brace-expansion/package.json
Library home page: https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.6.tgz
Dependency Hierarchy:
- serialport-4.0.7.tgz (Root Library)
  - node-pre-gyp-0.6.32.tgz
    - rimraf-2.5.4.tgz
      - glob-7.1.1.tgz
        - minimatch-3.0.3.tgz
          - ❌ brace-expansion-1.1.6.tgz (Vulnerable Library)
Vulnerability Details
Brace-expansion is a module to support bash-like brace expansion in JavaScript.
For example, {1,2,3,4} would expand to 1 2 3 4. Brace-expansion versions before 1.1.7 are vulnerable to Regular Expression Denial of Service attacks.
Publish Date: 2017-04-25
URL: WS-2017-0206
Suggested Fix
Type: Change files
Origin: juliangruber/brace-expansion@b133812
Release Date: 2017-04-07
Fix Resolution: Replace or update the following file: index.js