WS-2018-0588 (High) detected in querystringify-1.0.0.tgz #122

mend-bolt-for-github · 2019-06-05T10:16:43Z

WS-2018-0588 - High Severity Vulnerability

Vulnerable Library - querystringify-1.0.0.tgz

Querystringify - Small, simple but powerful query string parser.

Library home page: https://registry.npmjs.org/querystringify/-/querystringify-1.0.0.tgz

Path to dependency file: /apexo/package.json

Path to vulnerable library: /tmp/git/apexo/node_modules/querystringify/package.json

Dependency Hierarchy:

pouchdb-authentication-1.1.3.tgz (Root Library)
- url-parse-1.2.0.tgz
  - ❌ querystringify-1.0.0.tgz (Vulnerable Library)

Found in HEAD commit: 3e1f1a630b2e4cf085971585dd7b40cd55fca73c

Vulnerability Details

A vulnerability was found in querystringify before 2.0.0. It's possible to override built-in properties of the resulting query string object if a malicious string is inserted in the query string.

Publish Date: 2019-06-04

URL: WS-2018-0588

CVSS 2 Score Details (7.6)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: unshiftio/querystringify@422eb4f

Release Date: 2019-06-04

Fix Resolution: 2.0.0

Step up your Open Source Security Game with WhiteSource here

The text was updated successfully, but these errors were encountered:

mend-bolt-for-github bot added the Mend: dependency security vulnerability Security vulnerability detected by WhiteSource label Jun 5, 2019

alexcorvi closed this as completed Jun 8, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2018-0588 (High) detected in querystringify-1.0.0.tgz #122

WS-2018-0588 (High) detected in querystringify-1.0.0.tgz #122

mend-bolt-for-github bot commented Jun 5, 2019

WS-2018-0588 (High) detected in querystringify-1.0.0.tgz #122

WS-2018-0588 (High) detected in querystringify-1.0.0.tgz #122

Comments

mend-bolt-for-github bot commented Jun 5, 2019

WS-2018-0588 - High Severity Vulnerability