CVE-2019-10795 (Medium) detected in undefsafe-2.0.2.tgz
mend-for-github-com opened this issue
CVE-2019-10795 - Medium Severity Vulnerability
Vulnerable Library - undefsafe-2.0.2.tgz
Undefined safe way of extracting object properties
Library home page: https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.2.tgz
Path to dependency file: /tmp/ws-scm/dovetail/docs-src/themes/tibcolabs/assets/vendor/bootstrap/package.json
Path to vulnerable library: /tmp/ws-scm/dovetail/docs-src/themes/tibcolabs/assets/vendor/bootstrap/node_modules/undefsafe/package.json
Dependency Hierarchy:
- nodemon-1.17.5.tgz (Root Library)
- ❌ undefsafe-2.0.2.tgz (Vulnerable Library)
Vulnerability Details
undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a `__proto__` payload.
Publish Date: 2020-02-18
URL: CVE-2019-10795
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10795
Release Date: 2020-02-18
Fix Resolution: 2.0.3