WS-2018-0068 - High Severity Vulnerability
Vulnerable Library - constantinople-3.0.2.tgz
Determine whether a JavaScript expression evaluates to a constant (using UglifyJS)
path: /tmp/git/keno-server/node_modules/constantinople/package.json
Library home page: http://registry.npmjs.org/constantinople/-/constantinople-3.0.2.tgz
Dependency Hierarchy:
- jade-1.11.0.tgz (Root Library)
  - ❌ constantinople-3.0.2.tgz (Vulnerable Library)
Vulnerability Details
Versions of constantinople prior to 3.1.1 are vulnerable to a sandbox bypass which can lead to arbitrary code execution.
Publish Date: 2018-04-21
URL: WS-2018-0068
Suggested Fix
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/568
Release Date: 2018-01-24
Fix Resolution: 3.1.1