WS-2019-0058 (Medium) detected in webpack-bundle-analyzer-3.1.0.tgz #66

mend-bolt-for-github · 2019-04-24T03:31:16Z

WS-2019-0058 - Medium Severity Vulnerability

Vulnerable Library - webpack-bundle-analyzer-3.1.0.tgz

Webpack plugin and CLI utility that represents bundle content as convenient interactive zoomable treemap

Library home page: https://registry.npmjs.org/webpack-bundle-analyzer/-/webpack-bundle-analyzer-3.1.0.tgz

Path to dependency file: /asuna-admin/core/package.json

Path to vulnerable library: /asuna-admin/core/node_modules/webpack-bundle-analyzer/package.json

Dependency Hierarchy:

❌ webpack-bundle-analyzer-3.1.0.tgz (Vulnerable Library)

Found in HEAD commit: a0964894f01b96e8a094a7af1a6bc629754a487a

Vulnerability Details

Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify() without properly escaping input which may lead to Cross-Site Scripting.

Publish Date: 2019-04-23

URL: WS-2019-0058

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: webpack-contrib/webpack-bundle-analyzer#263

Release Date: 2019-04-23

Fix Resolution: 3.3.2

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Apr 24, 2019

danielwii closed this as completed May 2, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2019-0058 (Medium) detected in webpack-bundle-analyzer-3.1.0.tgz #66

WS-2019-0058 (Medium) detected in webpack-bundle-analyzer-3.1.0.tgz #66

mend-bolt-for-github bot commented Apr 24, 2019

WS-2019-0058 (Medium) detected in webpack-bundle-analyzer-3.1.0.tgz #66

WS-2019-0058 (Medium) detected in webpack-bundle-analyzer-3.1.0.tgz #66

Comments

mend-bolt-for-github bot commented Apr 24, 2019

WS-2019-0058 - Medium Severity Vulnerability