WS-2019-0253 (Medium) detected in serialize-to-js-1.2.2.tgz #47

mend-bolt-for-github · 2020-04-20T16:26:58Z

WS-2019-0253 - Medium Severity Vulnerability

Vulnerable Library - serialize-to-js-1.2.2.tgz

serialize objects to javascript

Library home page: https://registry.npmjs.org/serialize-to-js/-/serialize-to-js-1.2.2.tgz

Path to dependency file: /tmp/ws-scm/infinite/package.json

Path to vulnerable library: /tmp/ws-scm/infinite/node_modules/serialize-to-js/package.json

Dependency Hierarchy:

parcel-bundler-1.11.0.tgz (Root Library)
- ❌ serialize-to-js-1.2.2.tgz (Vulnerable Library)

Found in HEAD commit: f686a0f9119ce1b31715bd19e5a2f4705af80098

Vulnerability Details

serialize-to-js versions before 2.0.0 are vulnerable to DOS when ser input is not properly validated, allowing attackers to provide inputs that lead the execution to loop indefinitely.

Publish Date: 2019-09-11

URL: WS-2019-0253

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/790

Release Date: 2019-09-11

Fix Resolution: 2.0.0

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Apr 20, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2019-0253 (Medium) detected in serialize-to-js-1.2.2.tgz #47

WS-2019-0253 (Medium) detected in serialize-to-js-1.2.2.tgz #47

mend-bolt-for-github bot commented Apr 20, 2020

WS-2019-0253 (Medium) detected in serialize-to-js-1.2.2.tgz #47

WS-2019-0253 (Medium) detected in serialize-to-js-1.2.2.tgz #47

Comments

mend-bolt-for-github bot commented Apr 20, 2020

WS-2019-0253 - Medium Severity Vulnerability