This repository was archived by the owner on Feb 25, 2021. It is now read-only.
This repository was archived by the owner on Feb 25, 2021. It is now read-only.
WS-2017-0236 Medium Severity Vulnerability detected by WhiteSource #11
Description
WS-2017-0236 - Medium Severity Vulnerability
Vulnerable Library - growl-1.9.2.tgz
Growl unobtrusive notifications
path: /tmp/git/timecamp-v2-javascript-client/node_modules/growl/package.json
Library home page: http://registry.npmjs.org/growl/-/growl-1.9.2.tgz
Dependency Hierarchy:
- mocha-3.0.2.tgz (Root Library)
- ❌ growl-1.9.2.tgz (Vulnerable Library)
Vulnerability Details
Affected versions of the package are vulnerable to Arbitrary Code Injection.
Publish Date: 2017-05-01
URL: WS-2017-0236
CVSS 2 Score Details (5.6)
Base Score Metrics not available
Suggested Fix
Type: Change files
Origin: tj/node-growl@d9f6ea2
Release Date: 2016-09-05
Fix Resolution: Replace or update the following files: package.json, growl.js
Step up your Open Source Security Game with WhiteSource here