WS-2017-0421 High Severity Vulnerability detected by WhiteSource #1

mend-bolt-for-github · 2019-01-16T06:50:26Z

WS-2017-0421 - High Severity Vulnerability

Vulnerable Library - ws-1.1.5.tgz

Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js

path: /tmp/git/Framework_1.4.0/node_modules/ws/package.json

Library home page: https://registry.npmjs.org/ws/-/ws-1.1.5.tgz

Dependency Hierarchy:

react-native-0.57.8.tgz (Root Library)
- ❌ ws-1.1.5.tgz (Vulnerable Library)

Found in HEAD commit: 6dd49220737caf3e237619cbff0aef4678458204

Vulnerability Details

Affected version of ws (0.2.6--3.3.0) are vulnerable to A specially crafted value of the Sec-WebSocket-Extensions header that used Object.prototype property names as extension or parameter names could be used to make a ws server crash.

Publish Date: 2017-11-08

URL: WS-2017-0421

CVSS 2 Score Details (7.5)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Jan 16, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2017-0421 High Severity Vulnerability detected by WhiteSource #1

WS-2017-0421 High Severity Vulnerability detected by WhiteSource #1

mend-bolt-for-github bot commented Jan 16, 2019

WS-2017-0421 High Severity Vulnerability detected by WhiteSource #1

WS-2017-0421 High Severity Vulnerability detected by WhiteSource #1

Comments

mend-bolt-for-github bot commented Jan 16, 2019

WS-2017-0421 - High Severity Vulnerability