WS-2022-0237 (High) detected in parse-url-6.0.0.tgz - autoclosed #92
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
pustovitDmytro
pushed a commit
that referenced
this issue
Feb 7, 2023
| datasource | package | from | to | | ---------- | ---------------------- | ------ | ------ | | npm | @commitlint/cli | 16.1.0 | 17.2.0 | | npm | @commitlint/lint | 16.0.0 | 17.2.0 | | npm | eslint-plugin-markdown | 2.2.1 | 3.0.0 | | npm | eslint-plugin-unicorn | 40.1.0 | 44.0.2 | | npm | husky | 7.0.4 | 8.0.2 | | npm | mocha | 9.2.0 | 10.1.0 | | npm | uuid | 8.3.2 | 9.0.0 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
pustovitDmytro
pushed a commit
that referenced
this issue
Feb 7, 2023
## [1.1.11](v1.1.10...v1.1.11) (2023-02-07) ### Chore * anti-terrorism disclaimer ([96327fe](96327fe)) * fixes eslint-plugin-unicorn version ([dd45e9a](dd45e9a)) * fixes npm audit ([0500470](0500470)) * fixes some npm audit vulnerabilities ([b913fee](b913fee)) * fixes some npm audit vulnerabilities (#86) ([eb549de](eb549de)), closes [#86](#86) * Lock file maintenance ([85b7c09](85b7c09)) * Update dependency danger to v11 ([1779a27](1779a27)) * Update dependency nanoid to 3.1.31 [SECURITY] (#83) ([89d3014](89d3014)), closes [#83](#83) * Update dependency node-fetch to 2.6.7 [SECURITY] (#84) ([11e82bc](11e82bc)), closes [#84](#84) * Update devDependencies (non-major) ([01bd6c0](01bd6c0)) * Update devDependencies (non-major) ([85a0161](85a0161)) * Update devDependencies (non-major) (#65) ([d60ef28](d60ef28)), closes [#65](#65) * Update devDependencies (non-major) (#66) ([69aac8f](69aac8f)), closes [#66](#66) * Update devDependencies (non-major) (#92) ([f492769](f492769)), closes [#92](#92) ### Docs * add logo ([6922aeb](6922aeb)) * drop lgtm ([b1841f2](b1841f2)) * update year in license ([64521cb](64521cb))
mend-bolt-for-github
bot
changed the title
|
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2022-0237 - High Severity Vulnerability
An advanced url parser supporting git urls too.
Library home page: https://registry.npmjs.org/parse-url/-/parse-url-6.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/parse-url/package.json
Dependency Hierarchy:
Found in HEAD commit: 568721464cb7c8af18e7574bbe1e029bc70aef1e
Found in base branch: master
Regular Expression Denial of Service (ReDoS) in ionicabizau/parse-url before 8.0.0.
It allows cause a denial of service when calling function parse-url
Publish Date: 2022-07-04
URL: WS-2022-0237
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2022-07-04
Fix Resolution: parse-url - 8.0.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: