TIBCOSoftware / dovetail

Dovetail blockchain ecosystem docs repository

Home Page: https://tibcosoftware.github.io/dovetail/

CVE-2019-10795 (Medium) detected in undefsafe-2.0.2.tgz

mend-for-github-com opened this issue

CVE-2019-10795 - Medium Severity Vulnerability

Vulnerable Library - undefsafe-2.0.2.tgz

Undefined safe way of extracting object properties

Library home page: https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.2.tgz

Path to dependency file: /tmp/ws-scm/dovetail/docs-src/themes/tibcolabs/assets/vendor/bootstrap/package.json

Path to vulnerable library: /tmp/ws-scm/dovetail/docs-src/themes/tibcolabs/assets/vendor/bootstrap/node_modules/undefsafe/package.json

Dependency Hierarchy:

  • nodemon-1.17.5.tgz (Root Library)
    • undefsafe-2.0.2.tgz (Vulnerable Library)

Vulnerability Details

undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

Publish Date: 2020-02-18

URL: CVE-2019-10795

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10795

Release Date: 2020-02-18

Fix Resolution: 2.0.3