WS-2019-0307 (Medium) detected in mem-1.1.0.tgz #162

mend-bolt-for-github · 2020-04-14T05:09:36Z

WS-2019-0307 - Medium Severity Vulnerability

Vulnerable Library - mem-1.1.0.tgz

Memoize functions - An optimization used to speed up consecutive function calls by caching the result of calls with identical input

Path to dependency file: recursos.osweekends.com/client/package.json

Path to vulnerable library: recursos.osweekends.com/client/node_modules/mem/package.json

Dependency Hierarchy:

webpack-3.11.0.tgz (Root Library)
- yargs-8.0.2.tgz
  - os-locale-2.1.0.tgz
    - ❌ mem-1.1.0.tgz (Vulnerable Library)

Vulnerability Details

In 'mem' before v4.0.0 there is a Denial of Service (DoS) vulnerability as a result of a failure in removal old values from the cache.

Publish Date: 2018-08-27

CVSS 3 Score Details (5.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2019-12-01

Fix Resolution: mem - 4.0.0

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Apr 14, 2020