CVE-2019-10747 (High) detected in set-value-2.0.0.tgz, set-value-0.4.3.tgz #612

mend-bolt-for-github · 2019-07-24T15:50:40Z

CVE-2019-10747 - High Severity Vulnerability

Vulnerable Libraries - set-value-2.0.0.tgz, set-value-0.4.3.tgz

set-value-2.0.0.tgz

Create nested values and any intermediaries using dot notation (`'a.b.c'`) paths.

Library home page: https://registry.npmjs.org/set-value/-/set-value-2.0.0.tgz

Path to dependency file: /Emendare/server/package.json

Path to vulnerable library: /tmp/git/Emendare/server/node_modules/set-value/package.json,/tmp/git/Emendare/server/node_modules/set-value/package.json,/tmp/git/Emendare/server/node_modules/set-value/package.json

Dependency Hierarchy:

ts-loader-4.5.0.tgz (Root Library)
- micromatch-3.1.10.tgz
  - snapdragon-0.8.2.tgz
    - base-0.11.2.tgz
      - cache-base-1.0.1.tgz
        
        ❌ set-value-2.0.0.tgz (Vulnerable Library)

set-value-0.4.3.tgz

Create nested values and any intermediaries using dot notation (`'a.b.c'`) paths.

Library home page: https://registry.npmjs.org/set-value/-/set-value-0.4.3.tgz

Path to dependency file: /Emendare/register/package.json

Path to vulnerable library: /tmp/git/Emendare/server/node_modules/union-value/node_modules/set-value/package.json,/tmp/git/Emendare/server/node_modules/union-value/node_modules/set-value/package.json,/tmp/git/Emendare/server/node_modules/union-value/node_modules/set-value/package.json

Dependency Hierarchy:

ts-loader-4.5.0.tgz (Root Library)
- micromatch-3.1.10.tgz
  - snapdragon-0.8.2.tgz
    - base-0.11.2.tgz
      - cache-base-1.0.1.tgz
        
        union-value-1.0.0.tgz
        
        ❌ set-value-0.4.3.tgz (Vulnerable Library)

Found in HEAD commit: 508b29e101de126573af1924b54a743fbc060149

Vulnerability Details

A vulnerability was found in set-value before 2.0.1 and from 3.0.0 before 3.0.1 previously reported as WS-2019-0176

Publish Date: 2019-07-24

URL: CVE-2019-10747

CVSS 2 Score Details (7.4)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jonschlinkert/set-value@95e9d99

Release Date: 2019-07-24

Fix Resolution: 2.0.1,3.0.1

Step up your Open Source Security Game with WhiteSource here

The text was updated successfully, but these errors were encountered:

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Jul 24, 2019

greenkeeper bot mentioned this issue Aug 1, 2019

An in-range update of enzyme is breaking the build 🚨 #619

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2019-10747 (High) detected in set-value-2.0.0.tgz, set-value-0.4.3.tgz #612

CVE-2019-10747 (High) detected in set-value-2.0.0.tgz, set-value-0.4.3.tgz #612

mend-bolt-for-github bot commented Jul 24, 2019

CVE-2019-10747 (High) detected in set-value-2.0.0.tgz, set-value-0.4.3.tgz #612

CVE-2019-10747 (High) detected in set-value-2.0.0.tgz, set-value-0.4.3.tgz #612

Comments

mend-bolt-for-github bot commented Jul 24, 2019

CVE-2019-10747 - High Severity Vulnerability