WS-2018-0209 Medium Severity Vulnerability detected by WhiteSource

[mend-bolt-for-github]

WS-2018-0209 - Medium Severity Vulnerability

Vulnerable Library - morgan-1.9.0.tgz

HTTP request logger middleware for node.js

path: null

Library home page: https://registry.npmjs.org/morgan/-/morgan-1.9.0.tgz

Dependency Hierarchy:

• react-native-0.55.4.tgz (Root Library)
  • ❌ morgan-1.9.0.tgz (Vulnerable Library)

Vulnerability Details

morgan before 1.9.1 is vulnerable to code injection when user input is allowed into the filter or combined with a prototype pollution attack.

Publish Date: 2018-11-25

URL: WS-2018-0209

CVSS 2 Score Details (6.8)

Base Score Metrics not available

---

Step up your Open Source Security Game with WhiteSource here