CVE-2020-8116 (Medium) detected in dot-prop-4.2.0.tgz #20

mend-bolt-for-github · 2020-02-29T05:43:51Z

CVE-2020-8116 - Medium Severity Vulnerability

Vulnerable Library - dot-prop-4.2.0.tgz

Get, set, or delete a property from a nested object using a dot path

Library home page: https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz

Path to dependency file: /tmp/ws-scm/docs/v1/website/package.json

Path to vulnerable library: /tmp/ws-scm/docs/v1/website/node_modules/dot-prop/package.json

Dependency Hierarchy:

docusaurus-1.14.3.tgz (Root Library)
- cssnano-4.1.10.tgz
  - cssnano-preset-default-4.0.7.tgz
    - postcss-merge-rules-4.0.3.tgz
      - postcss-selector-parser-3.1.1.tgz
        
        ❌ dot-prop-4.2.0.tgz (Vulnerable Library)

Found in HEAD commit: a7d3b67391a549ecb56a2d63c1cf57dca7dc395c

Vulnerability Details

Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Publish Date: 2020-02-04

URL: CVE-2020-8116

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116

Release Date: 2020-02-04

Fix Resolution: dot-prop - 5.1.1

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Feb 29, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2020-8116 (Medium) detected in dot-prop-4.2.0.tgz #20

CVE-2020-8116 (Medium) detected in dot-prop-4.2.0.tgz #20

mend-bolt-for-github bot commented Feb 29, 2020

CVE-2020-8116 (Medium) detected in dot-prop-4.2.0.tgz #20

CVE-2020-8116 (Medium) detected in dot-prop-4.2.0.tgz #20

Comments

mend-bolt-for-github bot commented Feb 29, 2020

CVE-2020-8116 - Medium Severity Vulnerability